angler-fishThe Vulnerability History Project

Webfont fetch should be CORS-enabled even for same-origin URL

      Before this patch, webfont request was made with no-cors mode when the
URL of font face was same-origin. However, that same-origin request may
be redirected to another origin.

This patch makes webfont requests use cors mode for (initially)
same-origin requests too, in order to let ResourceFetcher handle
same/cross origin stuff. (This matches how <img crossorigin> works.)

BUG=512678
TEST=http/tests/webfont/webfont-cors.html

Review URL: https://codereview.chromium.org/1250793008

git-svn-id: svn://svn.chromium.org/blink/trunk@199364 bbb929c8-8fbe-4397-9dbb-9b2b20218538
by Heather the Lobster 2015-07-23 09:20:26 UTC
commit 212b92858f0ae007c90abd10b40ba805a13af43c
Chromium Fix CVE-2015-6762
third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-request-resources.html
+1 -1
third_party/WebKit/LayoutTests/http/tests/webfont/webfont-cors-expected.html
-3
third_party/WebKit/LayoutTests/http/tests/webfont/webfont-cors.html
-7
third_party/WebKit/Source/core/css/CSSFontFaceSrcValue.cpp
+10 -1
third_party/WebKit/Source/core/css/CSSFontFaceSrcValue.h
+1
expand_less