Skip to content

CCM-9916: preload fonts with cors#131

Merged
jakecosgrove merged 2 commits into
mainfrom
feature/CCM-9916_safari-fonts
Oct 23, 2025
Merged

CCM-9916: preload fonts with cors#131
jakecosgrove merged 2 commits into
mainfrom
feature/CCM-9916_safari-fonts

Conversation

@harrim91

Copy link
Copy Markdown
Contributor

Description

  • Adds font preloads with an explicit CORS directive, which allows them to be loaded by Safari.

Context

When opening notify.nhs.uk in Safari, the site failed to load fonts served from https://assets.nhs.uk.
The browser console showed:

Failed to load resource: Cancelled load to https://assets.nhs.uk/fonts/FrutigerLTW01-55Roman.woff2 because it violates the resource's Cross-Origin-Resource-Policy response header.

The site’s HTML was being served with:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

These headers enable cross-origin isolation. Under this policy, cross-origin assets must either:

  • be fetched with CORS
  • be served with a Cross-Origin-Resource-Policy (CORP) header of cross-origin or same-site.

Font fetches were happening from within a @font-face block in the nhsuk-frontend css.
Safari was doing these fetches as no-CORS requests which caused them to be rejected.

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@harrim91 harrim91 requested a review from a team as a code owner October 20, 2025 15:29

@emmagifford emmagifford left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Michael explained the context to me over Teams. We both had issues getting the codespace to load, so Michael's added screenshots of the site running locally on his machine. I can see that the fonts appear to load correctly in the Safari browser.

Happy to approve - well done!

@jakecosgrove jakecosgrove merged commit 7eb2872 into main Oct 23, 2025
15 of 16 checks passed
@jakecosgrove jakecosgrove deleted the feature/CCM-9916_safari-fonts branch October 23, 2025 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants