Google Fonts blocked by NoScript

[fyxas]

I'm using Google Fonts to my website like this, it's been working for over a year.

Code: Select all

<link href='http://fonts.googleapis.com/css?family=Roboto:400,400italic,500|Roboto+Condensed' rel='stylesheet' type='text/css'>

But recently a fallback font appears on Firefox with Noscript. "Forbid @font-face" is unchecked, and it shouldn't matter in the first place since my website is whitelisted.

Here's what I get in Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://fonts.gstatic.com/s/roboto/v15/C ... UTuA.woff2. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

downloadable font: download failed (font-family: "Roboto" style:normal weight:normal stretch:normal src index:2): bad URI or cross-site access not allowed source: http://fonts.gstatic.com/s/roboto/v15/C ... UTuA.woff2

I tried disabling XSS protection altoghether, but it has no effect. There's no XSS message when the fonts are blocked, either:



Only found two ways to make it work:

1. Use secure https://fonts.googleapis.com/etc... link to include the fonts, then it works (no idea why)

2. Restart Firefox with NoScript add-on disabled (that's my only clue that it's NoScript doing this)

So, any way to use NoScript as before but allow Google Fonts? I thought maybe I need to add XSS exception, but unchecking XSS protection had no effect...

[therube]

viewtopic.php?f=7&t=21722

viewtopic.php?f=10&t=21711

[Giorgio Maone]

Please check latest development build 2.9.0.6rc1, thanks.

[fyxas]

Google Fonts work now, much thanks!