0

We have a font hosted on S3 as a woff and referenced via CSS. The S3 bucket has CORS configured to allow cross-site access from anywhere. Normally, the font displays with no issues. Sometimes, however, Firefox fails to render the font and the error console reports "bad URI or cross-site access not allowed". I'm trying, without much success, to figure out exactly what sequence of HTTP calls FF uses to obtain the font resource from S3 so I can debug the situation with curl. Thus far, debugging with

curl -s -I -X OPTIONS --header "Origin: http://www.foo.com" --header "Access-Control-Request-Method: GET" s3.amazonaws.com/font.woff

has yielded only HTTP 200 responses, i.e. provides no information about what might be failing. I'm kind of at a loss as to how to figure out what's going on. I don't know whether S3 is sporadically returning spurious 403 responses to the OPTIONS requests, 403 responses to the requests for the resource itself, or our HTML/CSS is somehow subtly broken and/or exposing a bug in FF. Any suggestions?

thirtydot
  • 224,678
  • 48
  • 389
  • 349
cbmanica
  • 3,502
  • 7
  • 36
  • 54
  • Try debugging using the Firebug extension for Firefox. It is very powerful, and will show you all network requests, including headers. – David Pettersson Nov 08 '12 at 23:44
  • Sadly, the sporadic nature of the bug has so far resisted attempts to reproduce it with something like Firebug open, but hopefully that'll change soon. – cbmanica Nov 09 '12 at 00:00
  • Finally duplicated it with Firebug, and it really looks like FF is just flat not requesting the font resource. Maybe some kind of super bizarre timing issue... – cbmanica Nov 09 '12 at 01:05
  • Weird. I came to think of two things: 1. You could use Wireshark to look at the raw network traffic 2. Are you doing any sort of load balancing using CloudFront? – David Pettersson Nov 12 '12 at 13:23
  • Yeah, Wireshark hasn't been super helpful either - best I can get is that Firefox doesn't request the font resource at all when it doesn't work. Probably some weirdness with the CSS and/or Firefox, but I haven't been able to make sense of it. And no, we aren't using CloudFront. – cbmanica Nov 12 '12 at 19:17

1 Answers1

0

This looks to be an intentional preventative measure against xss (cross site scripting) attacks that firefox has implemented.

Read about one possible solution here: Downloadable font on firefox: bad URI or cross-site access not allowed

Community
  • 1
  • 1
cars
  • 421
  • 7
  • 18