-
Posts
-
Hi there,
for some reason all my font files trigger a warning when being loaded. I checked the FireFox console and this is the warning message I’m getting: “Missing Cross-Origin Resource Sharing (CORS) Response Header”
Now, I’ve searched the forums and found this solution right here in the Enfold Documentation (https://kriesi.at/documentation/enfold/icon/#icons-are-showing-as-rectangular-boxes-). However, I don’t think that CORS is actually the problem. I have multiple sites on the same server and all of them use Enfold and almost the exact same plugins and none of them have ever had this issue.
Also, I was told that the suggested .htaccess fix
<FilesMatch ".(ttf|otf|woff)$"> <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> </FilesMatch>isn’t something you want to have in your .htaccess if it’s a live website. On a dev server maybe, but not the live version. However, I’m not a developer, so I don’t really know whether or not this actually is a safety concern. Either way, I’d like to get to the root of the problem and not fight the symptoms instead by editing my .htaccess file.
- Here’s something I’ve noticed which may help you guys help me resolve this issue:
I use 2 caching and minification plugins (Autoptimize and Cache Enabler) and have been for quite a while now. These 2 usually work perfectly together. However, when I delete either of the static files (the cache created by Cache Enabler or the minified files by Autoptimize) everything works fine for a while. No errors, no issues, all good. But a couple of hours later, it happens again.
I haven’t tried disabling the plugins yet, to test if the fonts break again, because A) I need those plugins and B) I know for a fact they work fine together, so the root of the problem must be something else.
EDIT: I just deleted the cache, so the issue is, as of right now (2:35pm, UTC+1) temporarily fixed. I won’t touch the site now, so the problem can resurface and you guys can see for yourself. I’ll edit this post, once that has happened.
Thank you in advance for helping me out!
Hey tixxpff,
Thank you for using Enfold.
Did you put the WordPress files on a different domain? You wouldn’t be having this issue if the resources are located on the same domain.
I’m not seeing the issue right now. The CORS directive in your .htaccess enables other sites or domains from accessing resources from the site where the font files (ttf|otf|woff) are located. There’s no security risk in there unless scripts are allowed but you’re just allowing font files so it’s quite safe. You can also configure it so it will only allow a specific domain.Header set Access-Control-Allow-Origin: https://www.this-site-can-access-me.comBest regards,
IsmaelHi Ismael,
the font files should be on the same domain. I uploaded them via the enfold font importer. Also, it’s not just the custom fonts I uploaded, but some of the enfold standard font files seem to be affected, too. And I’ve never even touched those.
The issue is happening again by the way. You may have to clear your browser cache to see it.
Just in case you still can’t see the issue in your browser, I’ve pasted the exact warning messages FireFox is giving me in the box below.Okay, I just checked Chrome to see what the error message says there and I think I figured it out. The CORS error message in Google Chrome reads like this:
Access to Font at ‘https://MYDOMAIN/wp-content/uploads/avia_fonts/type_fonts/muli-v11-latin/muli-v11-latin-regular.woff’ from origin ‘http://MYDOMAIN’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://MYDOMAIN’ is therefore not allowed access.
My website is running on https:// but for some reasons the fonts seem to be loaded via http://
I’ve used a plugin to search & replace any instance of “http://MYDOMAIN” and changed it to “https://MYDOMAIN” and I’ve also re-imported the Google fonts. The cache had to be deleted, too, so you probably won’t see the issue anymore now.
I’ll update this thread in case this actually solved the problem or if I still need assistance.
Thank you!Didn’t help. I’m already seeing it again on Google Chrome.
EDIT: Ok, could it be that because neither my domain settings nor my .htaccess file were specifically forcing an https-connection, that when I type in “mydomain.de” in the URL bar (no “https, no “www”) that in some cases I landed on the HTTP version of it, which then triggered the CORS error, because the fonts were on https://mydomain.de but I was visiting http://mydomain.de?
I’ve enabled “Force HTTPS” in my domain settings now. I’ll wait and see if the issue pops up again or if this has finally resolved it.Hi,
Is it possible to post a link to the site question?
I’ve helped a number of people with mixed / cross content issues and may be able to shed some light.Thanks
TJ
Hi,
@tixxpff: Alright. Let us know if you encounter the issue again.
If you have the time, try to delete the font file and then make sure that you’re on a secure connection (https) before uploading the font files back.
@tjswarbs78: Thanks for the help!Best regards,
IsmaelSeems like forcing https has fixed it. Didn’t even think of that at first.
Thanks to everyone trying to help me out.
- The topic ‘Missing Cross-Origin Resource Sharing (CORS) Response Header’ is closed to new replies.