Fonts served via Cloudfront are broken in Firefox due to the "bad URI or cross-site access not allowed" issue. To fix this, I understand that I need to set the "Access-Control-Allow-Origin" header to a wildcard or the source domain.
The problem that I am having is that Cloudfront does not seem to be accepting headers from the origin.
For example, the following is the list of headers I get when I ping my server for the font:
curl -I -s "https://mysite.com/wp-content/themes/my-theme/includes/fonts/ProximaNova-Reg-webfont.ttf"
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 29 Jan 2014 16:03:03 GMT
Content-Type: application/x-font-ttf
Content-Length: 44992
Last-Modified: Tue, 28 Jan 2014 22:21:41 GMT
Connection: keep-alive
ETag: "52e82d75-afc0"
Expires: Thu, 29 Jan 2015 16:03:03 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: https://mysite.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3600
Accept-Ranges: bytes
Everything looks good with this response; however, when I ping Cloudfront for the same resource, I get:
curl -I -s "https://ds6dj5kp03o39.cloudfront.net/wp-content/themes/my-theme/includes/fonts/ProximaNova-Reg-webfont.ttf"
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 44992
Connection: keep-alive
Date: Wed, 29 Jan 2014 16:22:30 GMT
Server: Apache/2.2.16 (Debian) mod_ssl/2.2.16 OpenSSL/0.9.8o
Last-Modified: Wed, 22 Jan 2014 02:44:45 GMT
ETag: "5d633-afc0-4f0861b87a140"
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Wed, 29 Jan 2014 17:22:30 GMT
X-Cache: Miss from cloudfront
Via: 1.1 850e11212c3f83bfb138469e9b3b7718.cloudfront.net (CloudFront)
X-Amz-Cf-Id: M4qkj9FwjdAUW91U4WeZzxEI0m7vOmiQvryS55WwoeU5Ks11IC71ig==
It seems that all of the origin headers are completely ignored. My question is, how do I get Cloudfront to accept my asset headers, especially the critical "Access-Control-Allow-Origin" header?
Thanks for the help!
If you want OPTIONS responses to be cached, do the following: Choose the options for default cache behavior settings that enable caching for OPTIONS responses. Configure CloudFront to forward the following headers: Origin , Access-Control-Request-Headers , and Access-Control-Request-Method .
To create an origin access controlSign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home . In the navigation pane, choose Origin access. Choose Create control setting.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
If you are coming to this at a later date, and have this issue with a custom origin that IS correctly serving the Access-Control-Allow-Origin header already, here's two things I checked / tried:
Apache
To set right mime-types for font files, add this lines to config:
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf .ttf
AddType application/font-woff .woff
If you can't edit config, create .htaccess
file in folder with your
project and add lines there.
For CORS headers add the code below:
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
You will need to run service apache2 restart
once you make these changes and if you receive the error Invalid command 'Header'
then it means you haven't enabled the mod_header module in Apache which you can do with a2enmod headers
nginx
By default nginx has no default mime types for fonts, and wrong mimy
type for .eot
files. Got to folder with configs and find where mime
types are defiled. Usually, that's in mimes.conf file.
Search .eot
and string with it.
Add strings below:
application/vnd.ms-fontobject eot;
application/x-font-ttf ttf;
application/font-woff woff;
For CORS headers, add something like this to your vhost config
location ~* \.(eot|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With