Fix font 404s and global-styles 403 in pattern creator editor

[bor0]

Summary

Fixes two issues that prevented styles from loading correctly in the pattern creator editor canvas, reported in #741.

Font 404s (NotoSerif)

WordPress core's get_block_editor_theme_styles() fetches external editor styles via wp_remote_get() but omits baseURL from the returned object (local files receive one; remote URLs do not). Gutenberg's transformStyles rewrites url() property values using baseURL but silently ignores @import at-rules, so relative paths like @import "./NotoSerif/NotoSerifJP/style.css" from global-fonts/style.css resolve against the iframe page URL (/new-pattern/) instead of the CSS file location, producing 404s.

Fix: a block_editor_settings_all filter that detects styles lacking baseURL with relative @import paths, infers the correct base URL from the absolute url() font references already present in the same CSS (those point to sibling directories — removing the last two path segments gives the shared parent), then rewrites the @import paths to absolute.

global-styles 403

The block editor fetches GET /wp/v2/global-styles/{id} to load the active theme's customisations. wp_global_styles is a non-public post type authored by an admin, so WordPress's read_post capability check fails for regular users, returning 403. Browsers surface this as a CORS error in the console.

Global styles are CSS configuration already compiled and served publicly via the site's front-end <style> tag, so allowing authenticated users to read them through the REST API is safe.

Fix: a map_meta_cap filter that intercepts read_post checks on wp_global_styles posts during REST requests and returns ['read'] — a capability all logged-in users have.

Fixes #741

Props @supernovia

Screenshots

Before: 3 console errors (404s + 403), NotoSerif fonts absent from editor canvas.
After: 0 console errors, fonts load correctly.

How to test the changes in this Pull Request:

1. Log in to wordpress.org/patterns as a regular (non-admin) user.
2. Open the pattern creator at https://wordpress.org/patterns/new-pattern/.
3. Open DevTools → Network, filter by NotoSerif — before this fix you see 3 × 404 requests to /patterns/new-pattern/NotoSerif/.... After this fix those requests are absent.
4. In Network, filter by global-styles — before this fix GET /wp-json/wp/v2/global-styles/{id}?context=view returns 403. After this fix it returns 200.
5. Open DevTools → Console — confirm zero errors (previously 3–4, including CORS-related ones).
6. Insert a paragraph block and set its font family to a Noto Serif variant — verify the font renders correctly in the editor canvas.
7. Confirm the editor loads and functions normally with no JS errors or regressions.

[bor0]

cc @thilinah for review

[Copilot]

Pull request overview

This PR addresses missing styles in the pattern creator editor canvas by (1) fixing relative @import resolution for remote editor styles lacking baseURL, and (2) allowing authenticated users to fetch wp_global_styles via the REST API to prevent 403/CORS errors.

Changes:

• Adds a block_editor_settings_all filter to rewrite relative @import "./..." paths to absolute URLs (and sets baseURL) when editor styles are remote-fetched without a baseURL.
• Adds a map_meta_cap filter to allow logged-in users to read_post for wp_global_styles during REST requests.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.