[MGNLUI-3777] Streamline DIN font fallbacks when webfont can't be loaded Created: 16/Feb/16  Updated: 09/Feb/17  Resolved: 16/Jun/16

Status: Closed
Project: Magnolia UI
Component/s: admincentral
Affects Version/s: None
Fix Version/s: 5.3.15, 5.4.8, 5.5

Type: Improvement Priority: Major
Reporter: Dirk Tillinger Assignee: Maxime Michel
Resolution: Fixed Votes: 0
Labels: IE11, UX, cache, cache-control, devwl, pragma, support, webfont
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Apache 2.4; WildFly 8.2.0.Final Tweek STANDALONE, InternetExplorer 11, SSL encrypted connection


Attachments: PNG File Bild 050.png    
Issue Links:
Relates
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:
Sprint: Basel 48
Story Points: 3

 Description   

(1) The Magnolia AdminCentral UI uses a custom web-font.

(2) Following the OWASP recommendations, the caching headers are set as follow in the Apache:
(https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Browser_Cache)

Header merge Cache-Control no-cache env=NO_CACHE
Header merge Cache-Control no-store env=NO_STORE
Header set Pragma "no-cache"
Header set Expires "Wed, 10 Jan 1970 00:00:00 GMT"

(3) Unfortunately the IE has an issue with webfonts under these conditions:
(https://connect.microsoft.com/IE/feedbackdetail/view/992569/font-face-not-working-with-internet-explorer-and-http-header-pragma-no-cache)

(4) Steps-ToReproduce:

  • use a setup as above
  • use InternetExplorer
  • load AdminCentral page / press F5 or CTRL-F5

Request:
The AdminCentral UI should have a working font fallback that allows continuing to work even when the WebFont can not be loaded. (font & icons)

Looks like there is no fallback set - therefor the IE 11 decides to fallback to TimesNewRoman font and the "icons" can not be loaded.



 Comments   
Comment by Mikaël Geljić [ 07/Apr/16 ]

Hi dtillinger, zdenekskodik,

If I understand correctly, you're having an Apache proxy in front of Magnolia on JBoss/Wildfly.
For what it's worth, the OWASP recommendations state that the Pragma header applies to "legacy HTTP 1.0 servers"—while on the other hand JBoss has been 1.1 for a while (and even partially adopting HTTP/2 in latest versions). But maybe you're using your apache proxy for other systems too, so fair enough.

In that case, any chance you can exclude the magnolia admincentral from these rules?
As a matter of fact, we already have proper cache-control for the admincentral. The page will never be cached (and has the pragma header too), while I don't see any reason not to cache static resources such as the fonts or libraries (with appropriate version mark, where applicable).
In other words, no sensitive data is exposed via browser cache.

On a side note, I also can't think of any reasonable fallback for such an icon font—which wouldn't question the overall approach we chose for icons. I'm not aware of any "hybrid" framework which would transparently choose to display either image icons or font icons in a consistent way. That said, we might re-evaluate plain SVG at some point as well.

Hope this helps a bit,
Cheers,

Comment by Mikaël Geljić [ 04/May/16 ]

Slightly misunderstood the issue, it's not so much about the icon-font, but about DIN web-font we use for headings. Some have a proper fallback (font-family), and some don't (e.g. app-launcher labels). The goal of this ticket should be to streamline these font-family settings, most likely with a couple of Sass variables.

Generated at Mon Feb 12 09:09:58 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.