 

Enabling CORS on IIS for only Font files

Is there a way to enable CORS for only files of a certain type on IIS7? I am going off this article (https://www.maxcdn.com/one/tutorial/how-to-use-cdn-with-webfonts/) and noticed that the Apache and nginx examples show that CORS is only enabled if the request is looking for a certain Content-Type, whereas the IIS example shows CORS enabled for everything.

I have CSS that is being referenced on an external site but the font files are being blocked by the browser, and I wish to enable CORS on IIS7 but only for .woff, .woff2, .ttf, .eot, and .svg files. I do not wish to enable CORS for everything if possible.

Kyle Plunkett asked Sep 22 '16 19:09



1 Answer

Hackerman's answer is great and it led me to a solution; however, there are a few adjustments that I had to make. The first was placing the rule in the outboundRules section under the rewrite node.

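<outboundRules>
    <!-- Sets Access-Control-Allow-Origin only on responses to font requests -->
    <rule name="Enable CORS for Fonts">
        <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
        <conditions>
            <!-- The font extension must come before any "?", so a query string cannot supply it -->
            <add input="{REQUEST_URI}" pattern="^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$" />
        </conditions>
        <action type="Rewrite" value="*" />
    </rule>
</outboundRules>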

Lastly, the regex was updated to prevent requests such as the ones below, which would allow someone to request any URL across origins:

/some/critical/javascript/file.js?v=.woff
/api/secure/users?v=.woff

... but it still allows the following

/some/font.woff
/some/font.woff?etag
/some/font.woff?v=123
Derek Hunziker answered Sep 24 '22 04:09
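The condition pattern from the answer above can be checked offline before it goes into web.config. This is an added example, not code from the original answer: it assumes the URL Rewrite module's default ECMAScript pattern syntax and case-insensitive matching, and LOOSE_RULE is a hypothetical unanchored pattern included only for contrast.

```javascript
// Added example: evaluate the condition pattern against sample request URIs.
// FONT_RULE is the pattern from the answer's <add input="{REQUEST_URI}" ... />.
// The "i" flag mirrors case-insensitive condition matching (assumed default).
const FONT_RULE = /^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$/i;
// LOOSE_RULE is a hypothetical unanchored pattern, shown only for contrast.
const LOOSE_RULE = /\.(ttf|otf|eot|woff|woff2|svg)/i;

// Constructed sample URIs: the five from the answer plus two extra checks.
const SAMPLES = [
  "/some/critical/javascript/file.js?v=.woff",
  "/api/secure/users?v=.woff",
  "/some/font.woff",
  "/some/font.woff?etag",
  "/some/font.woff?v=123",
  "/some/FONT.WOFF2",    // upper-case extension
  "/some/font.woff.js",  // font extension is not the last one in the path
];

// True when the outbound rule would set Access-Control-Allow-Origin.
function getsCorsHeader(requestUri, rule = FONT_RULE) {
  return rule.test(requestUri);
}

// Per-URI comparison of the anchored and the unanchored pattern.
function audit(uris) {
  return uris.map((uri) => ({
    uri,
    strict: getsCorsHeader(uri, FONT_RULE),
    loose: getsCorsHeader(uri, LOOSE_RULE),
  }));
}

// URIs that only the unanchored pattern would open to other origins.
function overExposed(uris) {
  return audit(uris).filter((r) => r.loose && !r.strict).map((r) => r.uri);
}

console.table(audit(SAMPLES));
console.log("Exposed only by the loose pattern:", overExposed(SAMPLES));
```

Any URI listed by overExposed is one the anchoring in the answer's pattern keeps same-origin; adding the site's own sensitive paths to SAMPLES turns this into a regression check for later edits to the rule.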