Font blocked by CORS policy-subdomain - html

I have my main site (website.com) and a subdomain (fancy.website.com); however, I am getting:
Access to font at 'social icons souce' from origin 'fancy.website.com'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
header is present on the requested resource.
I made sure that both of the sites are using HTTPS, and my htaccess looks like this:
Header set Access-Control-Allow-Origin *.website.com
<FilesMatch "\.(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
Here is what it looks like: on website.com the icons show up, and on fancy.website.com the icons are broken.
I've cleared my caches, and the social icons the subdomain is trying to get show up on the main website. What can I do next to get them to show up?

Related

HTML anchor tag download with CORS

I really don't understand how anchor tag downloads should work, I get that when CORS is not enabled I can not do for example this:
<a download href="https://www.NotMyHost.com/foo.mp4">Download Video</a>
But when the access-control-allow-origin: * header is present, this should be doable, right?
And if yes, then what is the problem with this tag?
<a download href="https://www.radiantmediaplayer.com/media/big-buck-bunny-360p.mp4">Download Video</a>
The source here has the access-control-allow-origin: * response header, but it still refuses to download.
But when the access-control-allow-origin: * header is present, this should be doable, right?
No. The download attribute is not supported on cross-origin requests.
To trigger a download the server hosting the file should set a Content-Disposition HTTP response header.

HTML meta tag for Cache-Control header does not work with chrome

When opening my page I can see the cache-control header is set the right way. I look into the Network tab and check the Response. It says
<meta http-equiv="Cache-Control" content="no-cache"/>
Now looking into the Header tab I can not find this header in the Response Header section.
Also, other headers set by the meta tag, like <meta http-equiv="X-UA-Compatible" content="IE=edge"/>, are not listed here:
I read this: "Is Chrome ignoring Cache-Control: max-age?", which mentions that you should open the URL in a new tab, but I tried that and many other things. Still no luck getting these headers to be visible.
Any idea what is wrong here?
The header tab shows the HTTP headers, not the meta http-equivs in the HTML head.
You have to set this HTTP header in your webserver configuration or from within your programming in order to see it in the Response Header section.
If you want to check whether your Cache-Control setting is working, don't just reload the page in your browser, but click in the address box and hit enter with the network tab in developer tools open and check the response code.

CSP upgrade-insecure-requests not upgrading iframe requests

I have an iframe which has an insecure source http://example.com inside my site (https://example.com) and I have a CSP policy <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> to get rid of the Mixed Content error. This works fine as the insecure request gets upgraded as https://example1.com. But example1.com redirects the request to another domain which is insecure again, http://example2.com, and it is blocked by the CSP as mixed content loading in a secured site. I need to fix this and tried a few ways of whitelisting both the domains to make sure they do not get blocked, by using <meta http-equiv="Content-Security-Policy" content="child-src self http://example1.com http://example1.com">.
I also read the CSP specifications to learn more about how to solve the issue but couldn't find anything. Has anyone faced the same issue and know any solutions?

Page refresh when clicking on link

We have a page where we're serving images from Amazon S3 that are getting cached. However, they might have been changed on a second page.
The issue now is that when I click on a link with the URL to the previous page, the images are not reloaded.
However, doing a refresh in the browser on the page afterwards correctly loads the new images. I am curious why that is, because the image cache headers are correct (as can be seen from manual refresh), and what to do to handle this properly, i.e. reload the new images when going to the previous page with a simple URL link?
Try this.
<script>
// Reload the current page when the button is clicked.
function myFunction() {
  location.reload();
}
</script>
<button onclick="myFunction()">Reload page</button>
You can add a random dummy variable to your link. You don't use the value of the variable, but the link is different; thus, the browser will reload the page without cache.
For example:
Link
If you have access to the .htaccess file, you can add this:
<filesMatch "\.(jpg|jpeg|png|bmp)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
to prevent caching images.

Font Icons Not Showing Up

Hello, I am working with Magento version 1.9.0.1. I have been racking my head over and over and I cannot get this to work. Any subdomain of my primary domain is not rendering the font icons that came with the theme; the primary domain, however, is showing these icons. On another note, Safari is rendering my font icons from my subdomain but Chrome and Firefox are not. Here is what the Chrome Dev Console is outputting:
Font from origin 'http://brandster.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://breezesta.brandster.com' is therefore not allowed access.
I did add this to the .htaccess file of the subdomain:
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
and it is still not working. Can anyone please shed some light on this issue? Thanks in advance.
Seems as if your htaccess is blocking the use of files from other domains including sub-domains. Maybe try and see if this works?
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*.brandster.com"
</IfModule>
</FilesMatch>
So if that works for you.
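
Both font questions on this page set a wildcard-subdomain value (*.website.com, *.brandster.com) for Access-Control-Allow-Origin. The sketch below is an added example, not code from any of the posts: it models the browser's comparison for a request without credentials, plus a server-side allowlist that echoes back only an exact HTTPS origin under an assumed BASE_DOMAIN. The function names and sample origins are hypothetical.

```javascript
// Added example: browser-side CORS comparison and a server-side origin allowlist.
// BASE_DOMAIN is an assumption taken from the first question on the page.
const BASE_DOMAIN = "website.com";

// Browser side (request without credentials): the header value must be "*"
// or byte-for-byte equal to the requesting origin. A pattern such as
// "*.website.com" is compared literally, so it never matches.
function browserAllows(acaoHeader, requestOrigin) {
  if (acaoHeader === null || acaoHeader === undefined) return false;
  return acaoHeader === "*" || acaoHeader === requestOrigin;
}

// Server side: pick the value to send for a given Origin request header.
// Returns the exact origin to echo back, or null to omit the header.
function allowedOriginFor(originHeader) {
  if (typeof originHeader !== "string") return null;
  let url;
  try {
    url = new URL(originHeader);
  } catch (e) {
    return null; // not parseable as an origin, e.g. the literal "null"
  }
  if (url.protocol !== "https:") return null;
  // An Origin header is scheme://host[:port] only; reject anything longer.
  if (url.origin !== originHeader) return null;
  const host = url.hostname;
  // Accept the apex or a dot-delimited subdomain. A bare suffix test would
  // also accept look-alike hosts such as "notwebsite.com".
  const ok = host === BASE_DOMAIN || host.endsWith("." + BASE_DOMAIN);
  return ok ? url.origin : null;
}

// Response headers for a font request carrying the given Origin header.
function corsHeadersFor(originHeader) {
  const headers = { Vary: "Origin" };
  const allowed = allowedOriginFor(originHeader);
  if (allowed !== null) headers["Access-Control-Allow-Origin"] = allowed;
  return headers;
}
```

Because the response now differs per requesting origin, the Vary: Origin header keeps a shared cache from handing one origin's response to another.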