[solved] CORS error for fonts and icons

Discussion in 'Installation/Configuration' started by AxelssonDesign, Jun 11, 2017.

  1. Hello,
    I inserted this code to my website option https://eistnaflug.is/heim-copy/ :

    Code:
    location ~ \.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
        add_header "Access-Control-Allow-Origin" "*";
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    Still I'm getting this error on my wordpress site:

    Code:
    Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff2?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.ttf?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    2yUAtx3O-LV4:1 XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.
    How to fix ?
     
  2. ahrasis

    ahrasis Active Member

    Not sure about other lines but try changing the second line to "add_header Access-Control-Allow-Origin *;" instead.
     
  3. Changed the line and still get the same error:

    Code:
    Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff2?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.ttf?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403.
    3yUAtx3O-LV4?controls=0&showinfo=0&enablejsapi=1&origin=https%3A%2F%2Feistnaflug.is&widgetid=1:1 XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.
     
  4. Farsus

    Farsus New Member

  5. ahrasis

    ahrasis Active Member

    Did you restart nginx after making the said changes?
    If that does not work, try removing "font.css|" in the first line and restart nginx again.
     
    Last edited: Jun 12, 2017
  6. @ahrasis - thanks for replay.
    now the font and icons are without errors but now I get this error:

    Code:
    XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.
     
  7. ahrasis

    ahrasis Active Member

    There is no fix for that yet so far that I know. You can read more about it here.

    And for a note regarding the "add_header Access-Control-Allow-Origin *;" is that it is allowing all domains / ips and if you allow .js, that means your page may be hijacked / manipulated. The best practice is to limit the source and the type of file to that that you really need only. Do google around for further explanations and samples.
     

Share This Page