Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Cross-Origin Resource Sharing policy Font

Tags:

amazon-cloudfront

I am using W3 Total Cache with Amazon cloudfront. I have in my htaccess file:

# BEGIN W3TC CDN
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
# END W3TC CDN

But still getting error:

Font from origin 'https://example.cloudfront.net' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.example.com' is therefore not allowed access.

Why is this happening?

like image 909
JoaMika Avatar asked Aug 31 '16 10:08

JoaMika

People also ask

How do I fix my cross-origin policy?

Use a Serverless Function. A more commonly used solution to resolve CORS error is to use a serverless function. It is an alternate way to proxy your requests, but instead of relying on a free third-party service, you can build your micro-infrastructure to call a web service and feed data to an API endpoint.

What is CORS Cross-Origin Resource Sharing policy?

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

What is considered cross-origin CORS?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.

How do I fix CORS error in HTML?

to fix the error, you need to enable CORS on the server. The client expects to see CORS headers sent back in order to allow the request. It might even send a preflight request to make sure that the headers are there. You can enable CORS server side for one, multiple, or all domains hitting your server.

2 Answers

Found the solution in this link: https://www.naschenweng.info/2014/09/23/wordpress-w3-total-cache-cloudfront-font-cors-issue/.

You need to change the CloudFront distribution's behaviors settings:

  • Change “Forward Headers” from “None” to “Whitelist”
  • Add “Origin” to the “Whitelist Headers”
  • Make sure that “Use Origin Cache Headers” is checked

Then invalidate the cached fonts.

like image 196
Yao Avatar answered Oct 26 '22 02:10

Yao

Wrestling with this for days, and think I finally fixed it. Here are some things to check:

  • The webserver config should add the proper header. Apache syntax is listed in the question. Here's Nginx syntax that I used:

location ~* \.(eot|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin '*'; }

  • Within W3TC > Performance > CDN > Custom File List, I added the following to upload the actual font files:

{plugins_dir}/*.ttf {plugins_dir}/*.woff

  • While you're there, set the Theme file types to upload to the following. Per @Yao's link, the default separators are inconsistent (should all be semicolons, not commas)

*.css;*.js;*.gif;*.png;*.jpg;*.ico;*.ttf;*.otf;*.woff;*.less

  • In S3 > Permissions > CORS Configuration, change the default

<AllowedHeader>Authorization</AllowedHeader> to: <AllowedHeader>*</AllowedHeader> You should start seeing the necessary Access-Control-Allow-Origin header in the response.

  • In CloudFront > Distribution > Behaviors, make the following changes:

    1. Change Allowed HTTP Methods to GET, HEAD, OPTIONS (you need OPTIONS)
    2. Change Forward Headers to Whitelist
    3. Under Whitelist Headers, Add >> Origin

  • To test:

curl -I -s -X GET -H "Origin: www.example.com" https://abcdefg543210.cloudfront.net/wp-content/path/to/foo.ttf

This should give you back the following header:

Access-Control-Allow-Origin: * X-Cache: Miss from cloudfront

I found this blog post to be pretty helpful: http://blog.celingest.com/en/2014/10/02/tutorial-using-cors-with-cloudfront-and-s3/

like image 44
Robert Chen Avatar answered Oct 26 '22 04:10

Robert Chen
Sign in to Comment

Related questions

Invalid paths using CloudFront create invalidation in C#
Amazon Cloudfront timeout error
Avoid CORS with AWS Cloudfront, and clean SPA urls
AccessDeniedException while creating AWS Web Cloudfront Distribution
Cookies set, but not sent to Cloudfront
Serving private content from CloudFront with Signed Cookies
How can I debug AWS Cloudfront signed URL access denied?
How does Amazon CloudFront compare with Limelight or Akamai?
Replacing varnish with aws cloudfront
Use AWS S3 vs Cloudfront
How can I use AWS CloudFront and API Gateway side by side for the same domain?
hls.js CORS using AWS Cloudfront issues with Cookies
AWS Cloudfront distribute multilingual angular apps
Angular S3 Static Website - 403 Forbidden Routing Error
Next.js: How to make links work with exported sites when hosted on AWS Cloudfront?
Add content-type for specific file types in Amazon CloudFront?
Presigned S3 URLs with Cloudfront
Amazon S3 + CloudFront query for specific version of stored file
Why is Cloudfront evicting objects from cache within mere hours?
Surviving a reboot with AWS CloudFront

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!