关于跨域请求的一些问题
2017-12-26 10:25
316 查看
The Problem
Usually web browsers forbids cross-domain requests, due the same origin security policy. That's why using web-fonts from remote domain may cause an error in your browser.<style type="text/css"> @font-face { font-family: 'OpenSans'; src: url('https://test.zinoui.com/cross-domain-fonts/disabled/OpenSans.woff2') format('woff2'); } html, body{ font: normal 16px OpenSans, sans-serif; } </style>
If you ever see this error in your browser, you should know that cross-origin policy is applied.
![](https://static.zinoui.com/img/blog/font-origin-blocked.png)
The Solution
To overcome cross-origin restrictions, the response from remote server must include theAccess-Control-Allow-Origin header.
If you're using font services as
Typekit and
Google Fonts, or content delivery networks as
BootstrapCDN,
CdnJS and
JsDelivr to load your prefered fonts you don't need to do anything, because the Access-Control-Allow-Origin header is already presented in their response.
Apache
To configure the Apache web server put the code below into the
httpd.confor
.htaccessfile.
How to correct mime type headers on Apache
AddType application/vnd.ms-fontobject .eot AddType application/x-font-opentype .otf AddType image/svg+xml .svg AddType application/x-font-ttf .ttf AddType application/font-woff .woff AddType application/font-woff2 .woff2
How to enable cross-origin resource sharing (CORS) on Apache
<IfModule mod_headers.c> <FilesMatch ".(eot|otf|svg|ttf|woff|woff2)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule>
nginx
To configure the NGINX web server put the code below into the
/etc/nginx/nginx.confor your custom
/etc/nginx/conf.d/custom.conffile.
How to correct mime type headers on nginx
application/vnd.ms-fontobject eot; application/x-font-opentype otf; image/svg+xml svg; application/x-font-ttf ttf; application/font-woff woff; application/font-woff2 woff2;
How to enable cross-origin resource sharing (CORS) on nginx
location ~* .(eot|otf|svg|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin *; }
IIS
To configure the Microsoft IIS put the code below into the
web.configsystem.webServer block.
How to enable cross-origin resource sharing (CORS) on IIS
<system.webServer> <httpProtocol> <customHeaders> <add name="access-control-allow-origin" value="*" /> <add name="access-control-allow-headers" value="content-type" /> </customHeaders> </httpProtocol> </system.webServer>
PHP
Can't control the remote server? It's not a problem. Instead of using the font file directly into your styles (CSS) you can use a server script.
How to use a server script rather than a physical font file
<style type="text/css"> @font-face { font-family: 'OpenSans'; src: url('path/to/fonts.php') format('woff2'); } html, body{ font: normal 16px OpenSans, sans-serif; } </style>
How to fix cross-domain @font-face issues with PHP
<?php // fonts.php header("Access-Control-Allow-Origin: *"); header("Content-Type: application/font-woff2"); echo @file_get_contents("http://test.zinoui.com/cross-domain-fonts/disabled/OpenSans.woff2"); ?>
Conclusion
After setting up your server configuration files properly, the above issue should disappear. Let's see how the cross-domain request and response should look like:
![](https://static.zinoui.com/img/blog/font-origin-issue-fixed.png)
相关文章推荐
- 关于跨域请求静态文件配置问题[Access-Control-Allow-Origin]
- 关于post跨域请求数据的问题-包括同源策略
- 关于ajax请求跨域问题解决
- 关于python的bottle框架跨域请求报错问题的处理
- 关于前端跨域 一次动作 两次请求的问题
- 关于js跨域请求的问题
- CORS 关于跨域问题的一些了解
- 关于python的bottle框架跨域请求报错问题的处理
- 【微信支付】分享一个失败的案例 跨域405(Method Not Allowed)问题 关于IM的一些思考与实践 基于WebSocketSharp 的IM 简单实现 【css3】旋转倒计时 【Html5】-- 塔台管制 H5情景意识 --飞机 谈谈转行
- 关于python的bottle框架跨域请求报错问题的处理方法
- 关于ajax跨域问题的一些认知
- 关于Ajax的跨域请求的问题
- 关于cookie的一些测试和跨域问题
- 关于APP请求跨域问题,JAVA后台配置
- 关于ajax 跨域请求问题
- 关于cookie的一些测试和跨域问题
- 关于试用jquery的jsonp实现ajax跨域请求数据的问题
- 关于ajax post请求跨域问题的解决心得
- 关于python的bottle框架跨域请求报错问题的处理
- 微网页关于跨域的一些相关问题