In the JavaScript console, I see this when loading pages:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://sea2.discourse-cdn.com/flex016/assets/fontawesome-webfont-d070152e08af8f018c788909bbcbafc0.woff?http://discuss.rust-lang.org&1&v=4.0.4. This can be fixed by moving the resource to the same domain or enabling CORS.
downloadable font: download failed (font-family: "FontAwesome" style:normal weight:normal stretch:normal src index:1): bad URI or cross-site access not allowed
source: https://sea2.discourse-cdn.com/flex016/assets/fontawesome-webfont-d070152e08af8f018c788909bbcbafc0.woff?http://discuss.rust-lang.org&1&v=4.0.4
This effects me too—FontAwesome doesn’t load, and most avatars don’t load either (although if I click on broken avatars they sometimes get fixed, so I think it’s unrelated). Using Firefox 31 here. I get the same messages in the console, too. (I only just realised that I haven’t updated Firefox (Nightly) for months o_O—I’m updating it now, so I’ll see if that fixes it.)
Edit: I updated to Firefox Nightly 33 and I’m still getting this problem.
Aha, I’m also using HTTPS Everywhere, and disabling that fixes it. Not entirely sure what’s going on though, because neither this site nor the fonts are being loaded as https.
FWIW: There is an open HTTPS Anywhere bug on this.
Apparently we can work around this by unconditionally loading the fastly resources over https, instead of http. It looks like we use protocol-relative URLs right now. I don't know if this is configurable per-instance.
