Tagged: 

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • December 12, 2014 at 8:59 am #367152
    benteasbjorn

    I have some problems with one of my websites using enfold: it shows iconfont in different ways… in Opera it shows normal, in firefox it shows smal boxes with pixeltext E36, and in Google Crome it shows chinese signs… so….
    What can I do to fix it?
    I have latest update from wordpress.

    December 12, 2014 at 10:06 pm #367516
    Elliott

    Hi benteasbjorn!

    It looks like all of your content is loading from a different URL that your domain. I found this post which may help, https://kriesi.at/support/topic/icons-in-icon-box-are-chinese-characters/.

    Here is what I am seeing in firebug. (I removed the URL)

    Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [insert different domain]/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff?v=3. This can be fixed by moving the resource to the same domain or enabling CORS.

    I’m not really sure if this is a good fix or not but you can try adding this to your .htaccess file.

    Header set Access-Control-Allow-Origin "*"

    Since your server is on linux it’s probably using Apache, http://enable-cors.org/server_apache.html.

    Regards,
    Elliott

    January 25, 2017 at 10:41 pm #738636
    galpinr

    Header set Access-Control-Allow-Origin “*” is giving me a CORS issues in a security scan. I am assuming that somewhere the theme is setting Access-Control-Allow-Origin “*”.

    I want to set the site to the “same origin policy.” How can I do that? And is there a way to test it to see if CORS is turned off as I have no need to share with another domain.

    The site is being developed on a private network so I can’t provide a link to it at this time.

    Thanks

    January 30, 2017 at 4:12 pm #740245
    Yigit

    Hi,

    Please refer to this post – http://kriesi.at/documentation/enfold/enable-cors/

    Best regards,
    Yigit

    January 30, 2017 at 4:23 pm #740257
    galpinr

    The security scan on my site is getting a CORS vulnerability on [mysite].com/wp-json/. The only effective remediation I could find was to disable that URL in .htaccess.

    # wp-json was exposing a CORS security vulnerability
<FilesMatch ".*wp-json$">
Order Allow,Deny
Deny from all
</FilesMatch>

    Is that going to create any unexpected problems for the site? It doesn’t appear to so far. Thanks

    January 31, 2017 at 4:26 pm #740722
    Yigit

    Hi,

    It seems fine. Glad you figured it out.
    Let us know if you have any other questions or issue :)

    Best regards,
    Yigit

  • Author
    Posts
Viewing 6 posts - 1 through 6 (of 6 total)
  • The topic ‘iconfont in Enfold shows different signs in different browsers’ is closed to new replies.