I'm working on a site for a corporation that uses their own customized, locked-down version of IE8 (including Developer Tools being switched off, yay). I recently added webfonts to the site. These render as expected even under the corporation's own IE8 when viewed as static pages stored locally on one of their computers, but they do not render at all when served from a running system accessed over a network.
I expected that the problem was due to IE8's default setting of displaying intranet sites in compatibility mode. Sure enough, as long as the site is included in this zone, webfonts do not render correctly. If I add the site to the Trusted zone, the webfonts appear as expected.
The catch is, "Display intranet sites in compatibility mode" is actually switched off, so the zone shouldn't make a difference as far as compatibility mode goes. I don't think the corporation's admins are overriding this setting, because the registry keys for "IntranetCompatibilityMode" and "AllSitesCompatibilityMode" (which I can view but not edit) are both set to 0. Additionally, we are explicitly requesting standards mode by setting the HTML5 doctype and setting both the response header and the meta tag for X-UA-Compatible to IE=edge.
Because I don't have the IE Developer Tools available, I cannot verify for certain that the reason the webfonts are not displaying while in the intranet zone is because the page is being rendered in compatibility mode. So my questions are:
Problem identified and compatibility mode is not the cause. I looked into the difference in security settings between the zones and found that the corporate admins have deactivated the setting to allow "Download Fonts" in the Intranet zone. This applies even though the fonts are hosted on the same domain.