CSS imported to JS using ?inline contain JS code for URL handling instead of actual URLs when built for production

[Artur-]

Describe the bug

One of our project which works fine with Vite 2.x has code like

import previewHacks from './preview-hacks.css?inline';

injectGlobalCss(previewHacks.toString());

where preview-hacks.css contains

@import url('line-awesome/dist/line-awesome/css/line-awesome.min.css');

The line-awesome.min.css file contains

@font-face{
  font-family:'Line Awesome Brands';
  font-style:normal;
  font-weight:400;
  font-display:auto;
  src:url(../fonts/la-brands-400.eot);
  src:url(../fonts/la-brands-400.eot?#iefix) format("embedded-opentype"),url(../fonts/la-brands-400.woff2) format("woff2"),url(../fo
 }

With Vite 3.0.0-3.0.7 the CSS string previewHacks.toString() contains in dev mode

@font-face {
  font-family: 'Line Awesome Brands';
  font-style: normal;
  font-weight: normal;
  font-display: auto;
  src: url("/VAADIN/@fs/path-to-project/node_modules/line-awesome/dist/line-awesome/fonts/la-brands-400.eot");

but when built for production it contains

@font-face{font-family:Line Awesome Brands;font-style:normal;font-weight:400;font-display:auto;src:url("+new URL('la-brands-400.c0e32387.eot', import.meta.url).href+");

Reproduction

Reproduces in a private Vaadin project. So far I have been unable to trigger it in a simple project. @patak-dev has access to the project though

System Info

System:
    OS: macOS 12.4
    CPU: (10) arm64 Apple M1 Max
    Memory: 8.07 GB / 64.00 GB
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 17.9.0 - ~/.nvm/versions/node/v17.9.0/bin/node
    npm: 8.5.5 - ~/.nvm/versions/node/v17.9.0/bin/npm
  Browsers:
    Chrome: 104.0.5112.79
    Chrome Canary: 106.0.5241.0
    Firefox: 102.0
    Safari: 15.5
  npmPackages:
    vite: ^3.0.7 => 3.0.7

Used Package Manager

npm

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to vuejs/core instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[Artur-]

Oh we actually see this in many many of our tests now also when trying to upgrade from 3.0.4 to 3.0.7: vaadin/flow#14356. Which is a bit weird because in the other project, it shows up also with 3.0.4

[Artur-]

Perhaps related to #9381 or some other import meta PR @sapphi-red ?

[sapphi-red]

What is the problem here? Because

"@font-face{font-family:Line Awesome Brands;font-style:normal;font-weight:400;font-display:auto;src:url("+new URL('la-brands-400.c0e32387.eot', import.meta.url).href+");"

is in JS, it will be evaluated as something like

"@font-face{font-family:Line Awesome Brands;font-style:normal;font-weight:400;font-display:auto;src:url(https://example.com/assets/la-brands-400.c0e32387.eot);"

which is a valid CSS.

This import.meta.url is used for relative base, so using base: './' will be a important for creating reproduction.

[Artur-]

The problem is that it is not evaluated but the JS code remains in the final string

[patak-dev]

Just a detail, but previewHacks should already be a string here, no? There is no need for toString

injectGlobalCss(previewHacks.toString());

It would help a lot to be able to get a reproduction, I wonder if one of your plugins is getting in the way. If it isn't evaluated, it means that the CSS code didn't end up like:

" ... "+new URL().hred+" ... "

when you are importing previewHacks, that is quite strange

[Artur-]

The code in the output JS is like

const Rl = O`@font-face{font-family:Line Awesome Brands;font-style:normal;font-weight:400;font-display:auto;src:url("+new URL("la-brands-400.c0e32387.eot",import.meta.url).href+");src:url("+new URL("la-brands-400.c0e32387.eot?#iefix",import.meta.url).href+") format("embedded-opentype"),url("+new URL("la-brands-400.ff70c9bc.woff2",import.meta.url).href+") format("woff2"),url("+new URL("la-brands-400.14c63377.woff",import.meta.url).href+") format("woff"),url("+new URL("la-brands-400.fbc98702.ttf",import.meta.url).href+") format("truetype"),url("+new URL("la-brands-400.4da18191.svg#lineawesome",import.meta.url).href+") format("svg")}

So as the CSS is wrapped inside

O`css`

breaking out using "+new URL will obviously not work

I suspect the wrapping is done by rollup-plugin-postcss-lit

[patak-dev]

Interesting, this looks like something that could be fixed in rollup-plugin-postcss-lit. It isn't safe to wrap code in this way. At one point, we had used

` ... ${new URL().href} ... `

For our wrapping, but that also may have issues depending on their (I assume) regex based replacing 🤔
If it is this plugin, you should be able to create a reproduction and maybe check if they are willing to patch their plugin.

[patak-dev]

Thinking about this some more, since we are replacing the URL in renderChunk, it is not really safe for Vite to assume that no other plugin has transformed it from "..." to a template string. So I think this issue falls on our side.

I see two options:

1. We could migrate to using

   ` ... ${new URL().href} ... `

   This should be safer in general, maybe we could do this change and release it in 3.1 to avoid disruption (prob. out in two weeks, but you could start using a beta sooner)
2. We could add code to detect in what kind of string is the __VITE_ASSET__ being replaced directly in renderChunk.

Leaning towards 2. if we can find a good implementation.

[Artur-]

Here is a reproduction case https://github.com/Artur-/vite-vaadin-problem7

[sapphi-red]

If it's using tagged template literal (css`a` ) and not a normal template literal (css(`a`) ), are we able to preserve the meaning? (I'm not sure if this is the case though.)

function t(...args){console.log(args)}

t`aa` // [['aa']]
t`a${'url'}a` // [['a', 'a'], 'url']
t(`a${'url'}a`) // ['aurla']

For example, if rollup-plugin-postcss-lit is transforming (a) to (b), transforming (b) to (c) might break it.

// (a)
export default ".foo { background: url('./foo') }"
// (b)
export default css`.foo { background: url('./foo') }`
// (c)
export default css`.foo { background: url('${new URL('./foo', import.meta.url).href}') }`

[web-padawan]

Tried rollup-plugin-lit-css and it has the same problem when using the following config in the project linked above:

import litcss from 'rollup-plugin-lit-css';

export default {
  base: './',
  plugins: [
    {
      ...litcss({include: '**/*.css*'}),
      enforce: 'post'
    }
  ],
}

That plugin use string-to-template-literal instead of RegEx based replacing.

[web-padawan]

Compared the code produced by two plugins I tested, and both have src:url(__VITE_ASSET__b7ef2cd1__) in the output.
The only real difference in the output is format("woff") vs format(\\"woff\\"); which seems irrelevant.

rollup-plugin-postcss-lit

@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__b7ef2cd1__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff")}

Full output

import {css as cssTag} from 'lit';
export default cssTag`@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__b7ef2cd1__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__495d38d4__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(data:font/woff2;base64,d09GMgABAAAAAAXMABIAAAAACeAAAAVwAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiYbIBw2BmAANAhUCYM8EQwKg2iDSgsQABIUATYCJAMcBCAFgnQHIAyCSRt8CAieB2WbnmbLuYAwwpK8+iIe4P3r89wHDZaakNWCmB8R66SEWr+ILhpijnTqf6QAyyF8GVAOAPOWtmNg6llFXANTaQXCgXMubThOj6JRPCJsEWW3o1/4wX411uruvta/9FF8Zz50qenu3hVxmf4QIi1dRSzhkcR0SqA1QoiwzI2uAUbffgtBpA0YCssEQRChiaaAgMpAFvDsmKQshIEEer1l/u1J0Sbi8P6OJsQc3VHd6N0nlHe1MAhFbvPNcXJVWKNNekPqCYVx/lj8nqMi5BY4Pd6hectSY5E2Lll8SMf/HJXfEKEOfCtEMjEFBEHtpSkbjBK4aB1MIEjT/t9z/+W3j8FgVyeNWdDn7wh7b19l7pQoyFW8FXcx+P9D4NE2ErMMk4kskmVMCiwyG5ZhhyC7qZ19JoMatwj00/I0GG/uexT/v7K+Ysx9JXVwiRoC1yHR9VGAy9QQcXVQbqOGmOvEACWZm5EnyicLnfULjlggc0ldeRXQEqImnlS9kL8XAZndegKyuixM77OP24/Mzw9QQ7Kfha4v9OEOadjJ0qBYxN896pRbZI6ly/PS82Bs9iiYPpuaWJZEw83lXbg5G5JRslr2VFWPDtfbPBryeqZk5eKg/CqRD2Oz8tcvgJMiFi4RC6PWb9fnkzx74cWAeELYJFCSObI1tnxBfqwo2lPppazn26eGKDWU3KLMvOioppPNX6y4euc5FBq4y6Emd99OYa6zfpnpUhjE4Y/qoWtWQ4tIHr845ZA6bDc+AOSaR/sb6c9Otrh6uj3cUdDVKESNWgCK/GzxKQiLFKJeTz+QgzZKTIUcA2Nz9h2ppBhtbSQxfsjAtk4xoD1oes5gXYPe8UWmx+HjwQeNPfi2Wv/952vDpV/80Njw3WfWXv5IL3662ucz8dd9se78QkPd6ihDH61ZfS/s/KK0fjE+sgih+YDL5pz1vnH249tjfOAcLqZOTdvY/3jL1Hy3vqvcu358ODj2/etmVHfcdW+1t2X6R08H6p3BTzz87uDo6/H/vD/2scffaEf/ThphsXX6jLtDvp7cx6bvFUbnpWbFBWgOekJEip6LgFz63wtE+H/fXrpM++P7m8wAgZk/NJnacWXJLOW1rWO16C5ouY7SRE5T8x0iJ7MpntZyQJtPS2tuKXZpKqNf728OLK1FiJj72rq99z4Ho7G9hTQm0sqlhiEBKlWXfTDq1zbQcaP1HosN1zo/TqWGAGGywdQJhaSfHo9wDdfhs78cJKBZ5glRluQQEG030P7t9IdL+03+rRhRIHjxxwF7IsRHYeWXv0f991G5d9GJAKUIBPIT/jUpF/wa9f/Ccm9YiMnjjap8MPxDeomeuKM1ffn/fWHktrCSBT3iY20i0fZ0BBSOAgtJiYMAUDBoOigYaTtuMB4PJjiY2lFfMDPaqZe2rfYTKVcYVUK+QIPiwY175iFi5Yq4Em50vIyNq4cbYFLL2Fyqwbe4aq5Kx+XgZMhZco180ZCv3b5iqtyXD9VCUsquRpcNT74CH3LW95hzWKkvV3KxoHLNhF5fxylXMNkCLk6rio/XJGRzZWquGi/JysTM3sUM+4wfckMBveM4zKV1U1VT4QMTqQI/IFSPuDBgopvEnkF6u7kQ4gJdWIvWjkeivDg/OWNxRqSXxIolJclBKluW+uwutDVlWXtxjIc9y9fPPiBAxIqR2jR/O1ZmRftILVjVU5bo4zjbmDxi6XLWfHj/+sMns5ZFfyP9jLWD9pU5CFi/MC+Fo8Vo/+XhjzuFH9jQ3a32p2/nQ0fiTr60oFFwFV18KrXSKp2m/+AsuvlQKqXRIVOncITG9B6cRRdfSqt0RP8hVHTzrZOuHdwJDHdwJwA=) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+1F00-1FFF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__daf51ab5__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0370-03FF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__77b24796__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+1EA0-1EF9,U+20AB}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__3c23eb02__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0100-024F,U+0259,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__f6734f81__) format("woff2"),url(__VITE_ASSET__e41533d5__) format("woff");unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}
`

rollup-plugin-lit-css

@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__b7ef2cd1__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");}

Full output

import {css} from 'lit';
export const styles = css`export default "@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__b7ef2cd1__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0460-052F,U+1C80-1C88,U+20B4,U+2DE0-2DFF,U+A640-A69F,U+FE2E-FE2F}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__495d38d4__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0301,U+0400-045F,U+0490-0491,U+04B0-04B1,U+2116}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(data:font/woff2;base64,d09GMgABAAAAAAXMABIAAAAACeAAAAVwAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiYbIBw2BmAANAhUCYM8EQwKg2iDSgsQABIUATYCJAMcBCAFgnQHIAyCSRt8CAieB2WbnmbLuYAwwpK8+iIe4P3r89wHDZaakNWCmB8R66SEWr+ILhpijnTqf6QAyyF8GVAOAPOWtmNg6llFXANTaQXCgXMubThOj6JRPCJsEWW3o1/4wX411uruvta/9FF8Zz50qenu3hVxmf4QIi1dRSzhkcR0SqA1QoiwzI2uAUbffgtBpA0YCssEQRChiaaAgMpAFvDsmKQshIEEer1l/u1J0Sbi8P6OJsQc3VHd6N0nlHe1MAhFbvPNcXJVWKNNekPqCYVx/lj8nqMi5BY4Pd6hectSY5E2Lll8SMf/HJXfEKEOfCtEMjEFBEHtpSkbjBK4aB1MIEjT/t9z/+W3j8FgVyeNWdDn7wh7b19l7pQoyFW8FXcx+P9D4NE2ErMMk4kskmVMCiwyG5ZhhyC7qZ19JoMatwj00/I0GG/uexT/v7K+Ysx9JXVwiRoC1yHR9VGAy9QQcXVQbqOGmOvEACWZm5EnyicLnfULjlggc0ldeRXQEqImnlS9kL8XAZndegKyuixM77OP24/Mzw9QQ7Kfha4v9OEOadjJ0qBYxN896pRbZI6ly/PS82Bs9iiYPpuaWJZEw83lXbg5G5JRslr2VFWPDtfbPBryeqZk5eKg/CqRD2Oz8tcvgJMiFi4RC6PWb9fnkzx74cWAeELYJFCSObI1tnxBfqwo2lPppazn26eGKDWU3KLMvOioppPNX6y4euc5FBq4y6Emd99OYa6zfpnpUhjE4Y/qoWtWQ4tIHr845ZA6bDc+AOSaR/sb6c9Otrh6uj3cUdDVKESNWgCK/GzxKQiLFKJeTz+QgzZKTIUcA2Nz9h2ppBhtbSQxfsjAtk4xoD1oes5gXYPe8UWmx+HjwQeNPfi2Wv/952vDpV/80Njw3WfWXv5IL3662ucz8dd9se78QkPd6ihDH61ZfS/s/KK0fjE+sgih+YDL5pz1vnH249tjfOAcLqZOTdvY/3jL1Hy3vqvcu358ODj2/etmVHfcdW+1t2X6R08H6p3BTzz87uDo6/H/vD/2scffaEf/ThphsXX6jLtDvp7cx6bvFUbnpWbFBWgOekJEip6LgFz63wtE+H/fXrpM++P7m8wAgZk/NJnacWXJLOW1rWO16C5ouY7SRE5T8x0iJ7MpntZyQJtPS2tuKXZpKqNf728OLK1FiJj72rq99z4Ho7G9hTQm0sqlhiEBKlWXfTDq1zbQcaP1HosN1zo/TqWGAGGywdQJhaSfHo9wDdfhs78cJKBZ5glRluQQEG030P7t9IdL+03+rRhRIHjxxwF7IsRHYeWXv0f991G5d9GJAKUIBPIT/jUpF/wa9f/Ccm9YiMnjjap8MPxDeomeuKM1ffn/fWHktrCSBT3iY20i0fZ0BBSOAgtJiYMAUDBoOigYaTtuMB4PJjiY2lFfMDPaqZe2rfYTKVcYVUK+QIPiwY175iFi5Yq4Em50vIyNq4cbYFLL2Fyqwbe4aq5Kx+XgZMhZco180ZCv3b5iqtyXD9VCUsquRpcNT74CH3LW95hzWKkvV3KxoHLNhF5fxylXMNkCLk6rio/XJGRzZWquGi/JysTM3sUM+4wfckMBveM4zKV1U1VT4QMTqQI/IFSPuDBgopvEnkF6u7kQ4gJdWIvWjkeivDg/OWNxRqSXxIolJclBKluW+uwutDVlWXtxjIc9y9fPPiBAxIqR2jR/O1ZmRftILVjVU5bo4zjbmDxi6XLWfHj/+sMns5ZFfyP9jLWD9pU5CFi/MC+Fo8Vo/+XhjzuFH9jQ3a32p2/nQ0fiTr60oFFwFV18KrXSKp2m/+AsuvlQKqXRIVOncITG9B6cRRdfSqt0RP8hVHTzrZOuHdwJDHdwJwA=) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+1F00-1FFF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__daf51ab5__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0370-03FF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__77b24796__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0102-0103,U+0110-0111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+1EA0-1EF9,U+20AB}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__3c23eb02__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0100-024F,U+0259,U+1E00-1EFF,U+2020,U+20A0-20AB,U+20AD-20CF,U+2113,U+2C60-2C7F,U+A720-A7FF}@font-face{font-family:Roboto;font-style:normal;font-display:swap;font-weight:400;src:url(__VITE_ASSET__f6734f81__) format(\\"woff2\\"),url(__VITE_ASSET__e41533d5__) format(\\"woff\\");unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+2000-206F,U+2074,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+FFFD}\\n"`;
export default styles;

[Artur-]

It should be possible to workaround this by making the URL wrapped as Vite expects it so instead of rewriting in the plugin from

@font-face{src:url(__VITE_ASSET__c0e32387__)}

to

cssTag`@font-face{src:url(__VITE_ASSET__c0e32387__)}`

it would rewrite to

cssTag`@font-face{src:url(${unsafeCSSTag("__VITE_ASSET__c0e32387__")})

Then __VITE_ASSET__ is quoted with " like Vite expects..

[patak-dev]

Do you have a reference for src:url @Artur-?

@sapphi-red do you have an example where it will break? I know that the named template string could potentially do anything, but I assume that if they see a URL interpolated they must respect it. Maybe they will be adding custom logic to be able to update it later? But I think the resulting CSS should be well-formed.

[Artur-]

For the record, this resolves the issue for us https://github.com/umbopepato/rollup-plugin-postcss-lit/pull/54/files

[patak-dev]

For the record, this resolves the issue for us umbopepato/rollup-plugin-postcss-lit#54 (files)

Oh, interesting. Great that they were so responsive. They will also need to guard against __VITE_PUBLIC_ASSET__. I still think that we should be guarding against this in Vite core, so let's keep discussing in this issue.

[Artur-]

Well... I created that PR :)

[sapphi-red]

I think this will break if we inject new URL(foo) without wrapping with unsafeCSS. (stackblitz)

If you must use an expression in a css literal that is not itself a css literal, and you are confident that the expression is from a fully trusted source such as a constant defined in your own code, then you can wrap the expression with the unsafeCSS function:
lit docs

[Artur-]

unsafeCSS is not at all a great solution, far from it but it allows us to move forward before this is fixed properly

[manolo]

Is this fixed, or still an issue ?

[Artur-]

This issue reappears when trying to upgrade from Vite 5 beta 9 to beta 10. Not sure what has changed

[Artur-]

In the test logs (https://github.com/vaadin/flow/actions/runs/6627641560/job/18003126076) there are requests for files like

Error message in browser log: [2023-10-24T13:47:41.126Z] [SEVERE] http://localhost:8888/+new%20URL('fa-solid-900-9yKDp_qD.woff2',%20import.meta.url).href+ - Failed to load resource: the server responded with a status of 404 (Not Found)

[sapphi-red]

@Artur- beta10 upgrades rollup to v4. rollup v4 uses some additional characters for the reference id. I guess you need to change this line like I did here.
https://github.com/vaadin/flow/blob/66cec6601f458f514e42cbe4f9ea279f58469db7/flow-server/src/main/resources/plugins/rollup-plugin-postcss-lit-custom/rollup-plugin-postcss-lit.js#L31
https://github.com/vitejs/vite/pull/14508/files#diff-91776e7c6039d23a070162f02a69cd46046a2095bd5ecb384ae9e27f2ea5288fL30-R31

[Artur-]

Thanks! That did it and we are 🍏 📗 🟢 💚 with Vite 5 beta 10

[Messa1]

Is there any fix for that problem? Local all work as I need. When I deploy and build i got a 404 error.
downloadable font: download failed (font-family: "Font Awesome 6 Free" style:normal weight:900 stretch:100 src index:0): status=2147746065 source: https://DOMAIN.COM/dist/webfonts/fa-solid-900.woff2

package.json

{
  "name": "kirby-vite",
  "main": "src/index.js",
  "type": "module",
  "scripts": {
    "vite": "vite",
    "dev": "concurrently \"npm:server\" \"npm:vite\"",
    "server": "php -S localhost:8888 -t public server.php",
    "build": "vite build",
    "preview": "npm run build && npm run server"
  },
  "author": "arnoson",
  "license": "MIT",
  "devDependencies": {
    "concurrently": "^8.2.2",
    "glob": "^10.3.10",
    "vite": "^5.1.5",
    "vite-plugin-kirby": "^5.3.0"
  },
  "dependencies": {
    "@fortawesome/fontawesome-free": "^6.5.1",
    "mburger-webcomponent": "^3.1.4",
    "mmenu-js": "^9.3.0",
    "sass": "^1.71.1",
    "uikit": "^3.19.1"
  }
}

index.scss

// Theme
@import "theme/variables-theme.scss";

@import "uikit/src/scss/variables-theme.scss";
@import "uikit/src/scss/mixins-theme.scss";

@import '@fortawesome/fontawesome-free/scss/fontawesome.scss';
@import '@fortawesome/fontawesome-free/scss/brands.scss';
@import '@fortawesome/fontawesome-free/scss/solid.scss';
@import '@fortawesome/fontawesome-free/scss/regular.scss';

@import "theme/_import.scss";
@import "mmenu-js/src/mmenu.scss";

vite.config.php

<?php
// This is an auto-generated file. Please avoid making changes here.
// Configure your settings in the "vite.config.js" file instead.
return [
  'rootDir' => 'src',
  'outDir' => 'public/dist',
  'assetsDir' => 'assets',
  'legacy' => false
];