Font from subdomain has been blocked by Cross-Origin Resource Sharing Policy

Question

I'm having the following error Font from origin 'http://static.example.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access.

I am using the following COR setting in .htaccess file here below

<IfModule mod_expires.c>
  ExpiresActive on
  ExpiresDefault "access plus 1 month"
  ExpiresByType text/cache-manifest "access plus 0 seconds"

  ........

  <IfModule mod_headers.c>
     Header append Cache-Control "public"
     <FilesMatch "\.(ttf|otf|eot|woff|svg)$">
       SetEnvIf Origin "^http://(.*)?example.com$" origin_is=$0
       Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
     </FilesMatch>
     <FilesMatch "\.(js|css|xml|gz)$">
       Header append Vary: Accept-Encoding
     </FilesMatch>
  </IfModule>
</IfModule>

Please I need help with this

Answer 1

Try this in your .htaccess file:

# Allow font assets to be used across domains and subdomains
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
  <IfModule mod_headers.c>
     Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

You can read more about this issue in this excellent article I found: https://expressionengine.com/learn/cross-origin-resource-sharing-cors

Answer 2

You can also try this

<FilesMatch ".(eot|ttf|otf|woff)">
    Header set Access-Control-Allow-Origin "*"
</FilesMatch>

More at https://davidwalsh.name/cdn-fonts

Answer 3

Try adding this to your .htaccess file:

Header add Access-Control-Allow-Origin "http://example.com"

Alternative:

Header add Access-Control-Allow-Origin "*"