How can I fix the 'Missing Cross-Origin Resource Sharing (CORS) Response Header' webfont issue?
Solution 1
In your HTML you have set a "base" tag:
<base href="http://www.cyclistinsuranceaustralia.com.au/">
- Delete that line from your HTML if you don't need it. This should make the fonts work when viewed from http://cyclistinsuranceaustralia.com.au.
- You'll probably need to redirect http://www.cyclistinsuranceaustralia.com.au to http://cyclistinsuranceaustralia.com.au
Solution 2
If you are just interested in the use of Access-Control-Allow-Origin:*
You can do that with this .htaccess file at the site root.
Header set Access-Control-Allow-Origin "*"
Some useful information here: http://enable-cors.org/server_apache.html
Solution 3
I'm going to assume your host is using C-Panel - and that it's probably HostGator or GoDaddy. In both cases they use C-Panel (in fact, a lot of hosts do) to make the Server administration as easy as possible on you, the end user. Even if you are hosting through someone else - see if you can log in to some kind of admin panel and find an .htaccess file that you can edit. (Note: The period before just means that it's a "hidden" file/directory).
Once you find the htaccess file add the following line:
-
Header set Access-Control-Allow-Origin "*"Just to see if it works. Warning: Do not use this line on a production server
It should work. If not, call your host and ask them why the line isn't working - they'll probably be able to help you quickly from there.
- Once you do have the above working change the
*to the address of the requesting domainhttp://cyclistinsuranceaustralia.com.au/. You may find an issue with canonical addressing (including the www) and if so you may need to configure your host for a redirect. That's a different and smaller bridge to cross though. You'll at least be in the right place.
Solution 4
In your particular case the issue seem to be with accessing the site from non-canonical url (www.site.com vs. site.com).
Instead of fixing CORS issue (which may require writing proxy to server fonts with proper CORS headers depending on service provider) you can normalize your Urls to always server content on canonical Url and simply redirect if one requests page without "www.".
Alternatively you can upload fonts to different server/CDN that is known to have CORS headers configured or you can easily do so.
MeltingDog
Updated on February 12, 2020Comments
-
MeltingDog about 4 years
For some reason fonts have stopped rendering on my sites. The fonts are stored locally, on the same server as the site.
I looked up the problem and it seems to be a
Missing Cross-Origin Resource Sharing (CORS) Response Headerbut I cannot understand the solution for this.All the various sites say to do is to use:
Access-Control-Allow-Origin:*But as I'm primarily front end I do not know where to put it. Is this something my host can help with?
What can I do to fix the issue?
EDIT:
the site in question is: http://cyclistinsuranceaustralia.com.au/
The phone number, for example, at the top right should be Bebas font but it is defaulting to Impact.
In the console, I get the errors:
Font from origin 'http://www.cyclistinsuranceaustralia.com.au' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header has a value 'http://www.cyclistinsuranceaustralia.com.au' that is not equal to the supplied origin. Origin 'http://cyclistinsuranceaustralia.com.au' is therefore not allowed access.
I contact my host who said to put:
Access-Control-Allow-Origin "http://www.cyclistinsuranceaustralia.com.au"in my .htaccess file but this has no change.