来源的字体已被跨源资源共享策略阻止加载 [英] Font from origin has been blocked from loading by Cross-Origin Resource Sharing policy

问题描述

我在几个Chrome浏览器上收到以下错误，但并非全部。目前不完全确定问题是什么。

源自a aaref =https：//ABCDEFG.cloudfront的字体。 net> https://ABCDEFG.cloudfront.net '被跨源资源共享策略阻止加载：在请求的资源上没有Access-Control-Allow-Origin头。原因 https://sub.domain.com 因此不允许访问。

我在S3上有以下CORS配置

 < CORSConfiguration> 
< CORSRule> 
< AllowedOrigin> *< / AllowedOrigin> 
< AllowedHeader> *< / AllowedHeader> 
< AllowedMethod> GET< / AllowedMethod> 
< / CORSRule> 
< / CORSConfiguration> 
  

请求

 远程地址：1.2.3.4：443 
请求URL：https：//abcdefg.cloudfront.net/folder/path/icons-f10eba064933db447695cf85b06f7df3.woff 
请求方法：GET 
状态码：200 OK 
请求头
接受：* / * 
接受编码：gzip，deflate 
 Accept-Language：en-US，en; q = 0.8 
 Cache-Control：no-cache 
连接：keep-alive 
主机：abcdefg.cloudfront.net 
原产地：https：//sub.domain.com 
 Pragma ：no-cache 
 Referer：https：//abcdefg.cloudfront.net/folder/path/icons-e283e9c896b17f5fb5717f7c9f6b05eb.css 
 User-Agent：Mozilla / 5.0（Macintosh; Intel Mac OS X 10_9_4）AppleWebKit /537.36（KHTML，like Gecko）Chrome / 37.0.2062.94 Safari / 537.36 
  

Cloudfront /

将此规则添加到您的 .htaccess p>

 标题添加Access-Control-Allow-Origin*
  

更好，根据@david thomas的建议，您可以使用特定的域值，例如

 标题新增Access-Control-Allow-Originyour-domain.com
  

I'm receiving the following error on a couple of Chrome browsers but not all. Not sure entirely what the issue is at this point.

Font from origin 'https://ABCDEFG.cloudfront.net' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://sub.domain.com' is therefore not allowed access.

I have the following CORS Configuration on S3

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedHeader>*</AllowedHeader>
   <AllowedMethod>GET</AllowedMethod>
 </CORSRule>
</CORSConfiguration>

The request

Remote Address:1.2.3.4:443
Request URL:https://abcdefg.cloudfront.net/folder/path/icons-f10eba064933db447695cf85b06f7df3.woff
Request Method:GET
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Encoding:gzip,deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:abcdefg.cloudfront.net
Origin:https://sub.domain.com
Pragma:no-cache
Referer:https://abcdefg.cloudfront.net/folder/path/icons-e283e9c896b17f5fb5717f7c9f6b05eb.css
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36

All other requests from Cloudfront/S3 work properly, including JS files.

解决方案

Add this rule to your .htaccess

Header add Access-Control-Allow-Origin "*" 

even better, as suggested by @david thomas, you can use a specific domain value, e.g.

Header add Access-Control-Allow-Origin "your-domain.com"

这篇关于来源的字体已被跨源资源共享策略阻止加载的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！