Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firefox does not render fonts from CloudFront

I have a Rails app, hosted on Heroku. During deployment assets are synced with an Amazon S3 bucket via the asset_sync gem and views call those assets through CloudFront. However, fonts are not rendered when viewing the website with Firefox (files are loaded in the Net tab of Firebug, but simply not used). Safari works great.

I have the following CORS config on S3:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Content-*</AllowedHeader>
    <AllowedHeader>Host</AllowedHeader>
</CORSRule>
</CORSConfiguration>

My app also sets the following headers:

Access-Control-Allow-Origin: *
Access-Control-Request-Method: *

But CloudFront returns fonts without them... Why aren`t fonts loaded? Thanks in advance.

like image 225
Dimitar Vouldjeff Avatar asked Sep 25 '13 13:09

Dimitar Vouldjeff


People also ask

What does RefreshHit from CloudFront mean?

If the X-Cache header is "Hit from cloudfront" or "RefreshHit from cloudfront," then the request was served from the cache of the edge location. Review the rest of the response for the Cache-Control, Expires, and Age headers.

How do I know if CloudFront is caching?

To display CloudFront cache statisticsSign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home . In the navigation pane, click Cache Statistics.

How long does a CloudFront invalidation take?

Object invalidations typically take from 10 to 100 seconds to complete. You can check the status of an invalidation by viewing your distribution from the CloudFront console.


2 Answers

Some versions of Internet Explorer and Firefox consider fonts an attack vector and will refuse loading them if they are being provided by another domain (cross domain policy).

On standard HTTP servers all you need to do is add the Access-Control-Allow-Origin: * header to bypass the CORS policy. The problem is S3 doesn’t support sending it. (Though according to the specification it should support CORS, the header is not sent).

There is a workaround. CloudFront can be pointed at another server that can send the Access-Control-Allow-Origin header (You can do that with the server that serves your app ;) ).

This can be done by adding a Custom Origin to your CloudFront distribution from the AWS Console. Next you will have to add Behaviours with your font types and the newly added Origin. You can use wildcards for the filename. (You’ll need to do this once for each font type that you have).

Example:

Path Pattern: /assets/*.woff

When ready you can validate the header existence with:

curl -I http://cloudfrontid.cloudfront.new/assets/font.woff

Hopefully you will see the Access-Control-Allow-Origin header, provided by your server along with the file itself, cached by CloudFront with the header included.

Hope it helps!

like image 70
Itay Grudev Avatar answered Oct 05 '22 07:10

Itay Grudev


Try invalidating your (cached) font files in Cloudfront: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html#invalidating-objects-console

I had a similar issue today. I read an article that suggested CORS configurations are cached in CloudFront. I resolved my issue by invalidating my font files.

like image 31
smockle Avatar answered Oct 05 '22 05:10

smockle