Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requests to load fonts with wrong URL in Chrome/Edge #479

Closed
k-risc opened this issue Oct 20, 2024 · 3 comments
Closed

Requests to load fonts with wrong URL in Chrome/Edge #479

k-risc opened this issue Oct 20, 2024 · 3 comments
Labels
bug

Comments

@k-risc
Copy link

k-risc commented Oct 20, 2024

We noticed 404 errors in the web server and application logs related to fonts. We use version 1.11.11

Expected Behavior

Fonts being requested from their correct location, e.g. https://www.example.com/fonts/font.woff2 or https://www.example.com/webfonts/font.woff2

Current Behavior

We use an MVC framework (CakePHP). When being on a page for a particular controller action, e.g. https://www.example.com/entities/view/1234, the requests to the fonts are built as https://test-www-newton.revantage.local/entities/fonts/font.woff2

Possible Solution

In Firefox (desktop), it works as expected. In Chrome (desktop and mobile/Android), as well as in Edge, these requests are generated.

Steps To Reproduce

These are particular to our web application, so I am not sure if the same happens if executed in another application under the same circumstances.

Additional Context

none

Your Environment

  • html-to-image:. 1.11.11
  • OS: Windows 11, Android 14
  • Browser: Chrome/Edge
@k-risc k-risc added the bug label Oct 20, 2024
@biiibooo
Copy link
Contributor

biiibooo bot commented Oct 20, 2024

👋 @k-risc

Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it.
To help make it easier for us to investigate your issue, please follow the contributing guidelines.

We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

@k-risc
Copy link
Author

k-risc commented Oct 23, 2024

This might be related to CSP settings. I found errors in the dev console saying:
Refused to set the document's base URI to '<URL>' because it violates the following Content Security Policy directive: "base-uri ".

We use base-uri 'self'. The method resolveUrl() tries to set the <base> element's href in an on-the-fly document, so it can later retrieve the full path to the font file based on its relative path definition. It seems to be trying to set the href attribute to the full URL to the CSS file containing the rule, e.g. https://www.example.com/css/bundle.css?V=123456.

Firefox seems to accept that., but Chrome/Edge not. Setting the <base> element's href is then disallowed, and the full path to the font file that the code retrieves is based on the URL of the current document itself, e.g. https://www.example.com/entities/view/1234.

After adding 'https://www.example.com/css' explicitly to the CSP configuration, it worked.

I'll check if I find out more in regard to if and why the browsers are handling this differently.

@k-risc
Copy link
Author

k-risc commented Oct 23, 2024

Indeed it was our CSP settings that caused this. Due to an error in the configuration they were actually not base-uri 'self', but 'none'. After fixing this, the fonts loaded fine.

@k-risc k-risc closed this as completed Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@k-risc