通过重定向的外部网络字体
External web font via redirect
当尝试在网页上使用来自另一个域的字体文件时,我 运行 充分考虑了跨源资源策略的限制。
因此,我没有使用 @font-face
直接从 CSS 引用外部字体 URL,而是引用了重定向到外部字体资源的本地 URL 路径。我认为浏览器可能会将字体视为同域资源。事实上,重定向似乎欺骗了 Chrome 使用外部字体,但 Firefox 的情况并非如此,它不允许这样做。
我的问题是,Chrome 和 Firefox 分别展示的两种行为中的哪一种符合标准?
发件人:http://www.w3.org/TR/cors/#cors-api-specification-redirect
Since browsers are based on a same origin security model and the
policy outlined in this specification is intended for APIs used in
browsers, it is expected that APIs that will utilize this policy will
have to handle a same origin request that results in a redirect that
is cross-origin in a special way.
For APIs that transparently handle redirects CORS API specifications are encouraged to handle this scenario transparently as well by "catching" the redirect and invoking the cross-origin request algorithm on the (cross-origin) redirect URL.
据我了解,Firefox 似乎可以处理它 'the right way'。
当尝试在网页上使用来自另一个域的字体文件时,我 运行 充分考虑了跨源资源策略的限制。
因此,我没有使用 @font-face
直接从 CSS 引用外部字体 URL,而是引用了重定向到外部字体资源的本地 URL 路径。我认为浏览器可能会将字体视为同域资源。事实上,重定向似乎欺骗了 Chrome 使用外部字体,但 Firefox 的情况并非如此,它不允许这样做。
我的问题是,Chrome 和 Firefox 分别展示的两种行为中的哪一种符合标准?
发件人:http://www.w3.org/TR/cors/#cors-api-specification-redirect
Since browsers are based on a same origin security model and the policy outlined in this specification is intended for APIs used in browsers, it is expected that APIs that will utilize this policy will have to handle a same origin request that results in a redirect that is cross-origin in a special way.
For APIs that transparently handle redirects CORS API specifications are encouraged to handle this scenario transparently as well by "catching" the redirect and invoking the cross-origin request algorithm on the (cross-origin) redirect URL.
据我了解,Firefox 似乎可以处理它 'the right way'。