Cookies not being sent via font-face request
Question
I have a cookie set on the domain example.com.

This cookie is included in requests for fonts when I have this in my CSS and go to the web server:

```css
@font-face {
  font-family: Uniform;
  src: url("/font1.otf") format("opentype");
}
```

However, if I try to load a font from a different server hosted on a subdomain, then the cookie does not get sent through:

```css
@font-face {
  font-family: Uniform;
  src: url("https://asset.example.com/font1.otf") format("opentype");
}
```

However, if I load an image as a background image on a div, the cookie is sent through absolutely fine. For example:

```css
.bug {
  background-image: url("https://asset.example.com/my-img.png");
  position: absolute;
  top: 30px;
  right: 30px;
  filter: invert(100%);
  max-width: 150px;
}
```

I have been going round in circles for hours on this. Any help would be much appreciated.

I have tried setting the SameSite attribute on the cookie to all three options, and tried the cookie both secure and not secure.
Answer 1
Score: 1
Web fonts are treated differently from other types of resources, when it comes to cross-origin requests.
A quick search led me to https://stackoverflow.com/q/30248647/1427878, and a comment there is referring to https://bugs.chromium.org/p/chromium/issues/detail?id=411338 - and in there you find one comment saying,
> CSS Fonts Module Level 3 says that user agents must use "Anonymous" mode of CORS-enabled fetch [1], that means credentials are not sent regardless of server's Access-Control-Allow-Credentials header.
> (XMLHttpRequest change of Chrome 37 is unrelated to font fetches.)
>
> [1] http://www.w3.org/TR/css3-fonts/#font-fetching-requirements
So what you want here simply must not work, due to the specification.
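
The rule quoted in the answer, applied to the three requests from the question, as an added example that is not part of the original question or answer. It assumes the page is served from `https://example.com/` and that the cookie carries `Domain=example.com`; the function names and the loader table are hypothetical, and the `background-image` entry models the behaviour the question reports rather than a cited specification.

```javascript
// Model of whether a browser attaches a cookie to a CSS-triggered request.
// Assumptions (not from the page): document URL and cookie Domain are passed in;
// SameSite is ignored because example.com and asset.example.com are same-site.

const CREDENTIALS_BY_LOADER = {
  // CSS Fonts Level 3: @font-face uses "Anonymous" CORS mode, which
  // corresponds to the fetch credentials mode "same-origin".
  "font-face": "same-origin",
  // Behaviour observed in the question: the background-image load
  // carries credentials even when it is cross-origin.
  "background-image": "include",
};

// An origin is scheme + host + port; URL.origin compares all three.
function sameOrigin(a, b) {
  return a.origin === b.origin;
}

// Cookie Domain match: the exact host or any subdomain of it.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

function cookieSent(loader, resourceUrl, documentUrl, cookieDomain) {
  const doc = new URL(documentUrl);
  const req = new URL(resourceUrl, doc); // resolves "/font1.otf" against the page
  const mode = CREDENTIALS_BY_LOADER[loader];
  if (mode === undefined) throw new Error("unknown loader: " + loader);
  const credentialsAllowed =
    mode === "include" || (mode === "same-origin" && sameOrigin(doc, req));
  return credentialsAllowed && domainMatches(req.hostname, cookieDomain);
}

// The three requests from the question (page URL is a constructed value).
const PAGE = "https://example.com/";
const CASES = [
  ["font-face", "/font1.otf"],
  ["font-face", "https://asset.example.com/font1.otf"],
  ["background-image", "https://asset.example.com/my-img.png"],
];

function runCases() {
  return CASES.map(([loader, url]) => cookieSent(loader, url, PAGE, "example.com"));
}

console.log(runCases());
```

The subdomain font request fails on the origin comparison, not on cookie scope: the same cookie is in scope for `asset.example.com`, which is why the image request carries it.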