Webfont CORS-enabled fetching with fallback

Source/core/css/CSSFontFaceSrcValue.cpp

Index: Source/core/css/CSSFontFaceSrcValue.cpp
diff --git a/Source/core/css/CSSFontFaceSrcValue.cpp b/Source/core/css/CSSFontFaceSrcValue.cpp
index 5ccf7547707efc0f79d2e69841d9ace072da92cb..d54f0deefda13f9baba7b6c47a029033f0652d12 100644
--- a/Source/core/css/CSSFontFaceSrcValue.cpp
+++ b/Source/core/css/CSSFontFaceSrcValue.cpp
@@ -88,10 +88,23 @@ bool CSSFontFaceSrcValue::hasFailedOrCanceledSubresources() const
     return m_fetched->loadFailedOrCanceled();
 }
 
+bool CSSFontFaceSrcValue::shouldSetCrossOriginAccessControl(const KURL& resource, SecurityOrigin* securityOrigin)
+{
+    if (resource.isLocalFile() || resource.protocolIsData())
+        return false;
+    if (m_fetched && m_fetched->isCORSFailed())
+        return false;
+    return !securityOrigin->canRequest(resource);
+}
+
 FontResource* CSSFontFaceSrcValue::fetch(Document* document)
 {
-    if (!m_fetched) {
+    if (!m_fetched || m_fetched->isCORSFailed()) {
         FetchRequest request(ResourceRequest(document->completeURL(m_resource)), FetchInitiatorTypeNames::css);
+        SecurityOrigin* securityOrigin = document->securityOrigin();
+        if (shouldSetCrossOriginAccessControl(request.url(), securityOrigin)) {
+            request.setCrossOriginAccessControl(securityOrigin, DoNotAllowStoredCredentials);
+        }
         m_fetched = document->fetcher()->fetchFont(request);
     }
     return m_fetched.get();