当前位置: 文江博客话题详情

如何添加 Access-Control-Allow-Origin 标头

发布于 2024-10-17 19:51:18 字数 461 浏览 8 评论 0原文

我正在设计一个网站(例如 mywebsite.example),该网站从另一个网站(例如 anothersite.example)加载 font-face 字体。我在 Firefox 中加载字体时遇到问题,我阅读了 此博客

Firefox(支持@font-face 从v3.5开始)不允许跨域 默认字体。这意味着字体 必须从同一域提供 (和子域)除非您可以添加 “Access-Control-Allow-Origin”标头 到字体。

如何将 Access-Control-Allow-Origin 标头设置为字体?

原文

I am designing a website (e.g. mywebsite.example) and this site loads font-face fonts from another site (say anothersite.example). I was having problems with the font face font loading in Firefox and I read on this blog:

Firefox (which supports @font-face
from v3.5) does not allow cross-domain
fonts by default. This means the font
must be served up from the same domain
(and sub-domain) unless you can add an
“Access-Control-Allow-Origin” header
to the font.

How can I set the Access-Control-Allow-Origin header to the font?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

停滞 2024-10-24 19:51:18

所以你要做的是......在字体文件文件夹中放置一个 htaccess 文件,其中包含以下内容。

<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

同样在远程CSS文件中,font-face声明需要字体文件的完整绝对URL(本地CSS文件中不需要):

例如,

@font-face {
    font-family: 'LeagueGothicRegular';
    src: url('http://www.example.com/css/fonts/League_Gothic.eot?') format('eot'),
         url('http://www.example.com/css/fonts/League_Gothic.woff') format('woff'),
         url('http://www.example.com/css/fonts/League_Gothic.ttf') format('truetype'),
         url('http://www.example.com/css/fonts/League_Gothic.svg')

}

这将解决问题。需要注意的一件事是,您可以准确指定应允许哪些域访问您的字体。在上面的 htaccess 中,我已指定每个人都可以使用 "*" 访问我的字体,但是您可以将其限制为:

单个 URL:

标头设置 Access-Control-Allow-Origin http://example.com

或以逗号分隔的 URL 列表

Access-Control-Allow -Origin: http://site1.com,http://site2.com

(当前实现中不支持多个值)

So what you do is... In the font files folder put an htaccess file with the following in it.

<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

also in your remote CSS file, the font-face declaration needs the full absolute URL of the font-file (not needed in local CSS files):

e.g.

@font-face {
    font-family: 'LeagueGothicRegular';
    src: url('http://www.example.com/css/fonts/League_Gothic.eot?') format('eot'),
         url('http://www.example.com/css/fonts/League_Gothic.woff') format('woff'),
         url('http://www.example.com/css/fonts/League_Gothic.ttf') format('truetype'),
         url('http://www.example.com/css/fonts/League_Gothic.svg')

}

That will fix the issue. One thing to note is that you can specify exactly which domains should be allowed to access your font. In the above htaccess I have specified that everyone can access my font with "*" however you can limit it to:

A single URL:

Header set Access-Control-Allow-Origin http://example.com

Or a comma-delimited list of URLs

Access-Control-Allow-Origin: http://site1.com,http://site2.com

(Multiple values are not supported in current implementations)

回复 原文
半暖夏伤 2024-10-24 19:51:18

根据官方文档

Access-Control-Allow-Origin: "*"

如果您使用标头 ,浏览器不喜欢它也使用

Access-Control-Allow-Credentials: "true"

标题。相反,他们希望您明确允许他们的起源。如果您仍然想允许所有来源,您可以执行一些简单的 Apache 魔法来使其正常工作(确保您已启用 mod_headers):

Header set Access-Control-Allow-Origin "%{HTTP_ORIGIN}e" env=HTTP_ORIGIN

浏览器需要发送 Origin 所有跨域请求的标头。文档明确指出,如果您正在接受/计划接受请求,则需要在 Access-Control-Allow-Origin 标头中回显此标头。这就是这个 Header 指令的作用。

According to the official docs, browsers do not like it when you use the

Access-Control-Allow-Origin: "*"

header if you're also using the

Access-Control-Allow-Credentials: "true"

header. Instead, they want you to allow their origin specifically. If you still want to allow all origins, you can do some simple Apache magic to get it to work (make sure you have mod_headers enabled):

Header set Access-Control-Allow-Origin "%{HTTP_ORIGIN}e" env=HTTP_ORIGIN

Browsers are required to send the Origin header on all cross-domain requests. The docs specifically state that you need to echo this header back in the Access-Control-Allow-Origin header if you are accepting/planning on accepting the request. That's what this Header directive is doing.

回复 原文
jJeQQOZ5 2024-10-24 19:51:18

不幸的是,接受的答案对我不起作用,因为我的网站 CSS 文件 @import 字体 CSS 文件,并且这些文件都存储在 Rackspace 云文件 CDN 上。

由于 Apache 标头永远不会生成(因为我的 CSS 不在 Apache 上),因此我必须执行以下操作:

  1. 转到 Cloud Files UI 并为每种字体添加自定义标头(带有值 * 的 Access-Control-Allow-Origin) -awesome file
  2. 将 woff 和 ttf 文件的 Content-Type 分别更改为 font/woff 和 font/ttf

看看是否可以只使用 #1,因为第二个需要一些命令行工作。

要在 #1 中添加自定义标头:

  • 查看文件的云文件容器,
  • 向下滚动到文件,
  • 单击齿轮图标
  • ,单击编辑标头,
  • 选择 Access-Control-Allow-Origin
  • 单个字符“*”(不带引号)
  • 添加 输入
  • 对其他文件

重复如果您需要继续并执行 #2,那么您将需要一个带有 CURL 的命令行

curl -D - --header "X-Auth-Key: your-auth-key-from-rackspace-cloud-control-panel" --header "X-Auth-User: your-cloud-username" https://auth.api.rackspacecloud.com/v1.0

从返回的结果中提取 X-Auth-Token 和 X-Storage-Url 的值

curl -X POST \
  -H "Content-Type: font/woff" \
  --header "X-Auth-Token: returned-x-auth-token" returned-x-storage-url/name-of-your-container/fonts/fontawesome-webfont.woff

curl -X POST \
  -H "Content-Type: font/ttf" \
  --header "X-Auth-Token: returned-x-auth-token" returned-x-storage-url/name-of-your-container/fonts/fontawesome-webfont.ttf

当然,这仅当您使用 Rackspace CDN 时,该过程才有效。其他 CDN 可能会提供类似的工具来编辑对象标头和更改内容类型,所以也许您会很幸运(并在此处发布一些额外信息)。

The accepted answer doesn't work for me unfortunately, since my site CSS files @import the font CSS files, and these are all stored on a Rackspace Cloud Files CDN.

Since the Apache headers are never generated (since my CSS is not on Apache), I had to do several things:

  1. Go to the Cloud Files UI and add a custom header (Access-Control-Allow-Origin with value *) for each font-awesome file
  2. Change the Content-Type of the woff and ttf files to font/woff and font/ttf respectively

See if you can get away with just #1, since the second requires a bit of command line work.

To add the custom header in #1:

  • view the cloud files container for the file
  • scroll down to the file
  • click the cog icon
  • click Edit Headers
  • select Access-Control-Allow-Origin
  • add the single character '*' (without the quotes)
  • hit enter
  • repeat for the other files

If you need to continue and do #2, then you'll need a command line with CURL

curl -D - --header "X-Auth-Key: your-auth-key-from-rackspace-cloud-control-panel" --header "X-Auth-User: your-cloud-username" https://auth.api.rackspacecloud.com/v1.0

From the results returned, extract the values for X-Auth-Token and X-Storage-Url

curl -X POST \
  -H "Content-Type: font/woff" \
  --header "X-Auth-Token: returned-x-auth-token" returned-x-storage-url/name-of-your-container/fonts/fontawesome-webfont.woff

curl -X POST \
  -H "Content-Type: font/ttf" \
  --header "X-Auth-Token: returned-x-auth-token" returned-x-storage-url/name-of-your-container/fonts/fontawesome-webfont.ttf

Of course, this process only works if you're using the Rackspace CDN. Other CDNs may offer similar facilities to edit object headers and change content types, so maybe you'll get lucky (and post some extra info here).

回复 原文
风轻花落早 2024-10-24 19:51:18

对于基于 Java 的应用程序,请将其添加到您的 web.xml 文件中:

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.ttf</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.otf</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.eot</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.woff</url-pattern>
</servlet-mapping>

For Java based Application add this to your web.xml file:

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.ttf</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.otf</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.eot</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>*.woff</url-pattern>
</servlet-mapping>
回复 原文
风吹过旳痕迹 2024-10-24 19:51:18

在请求ajax的file.php中,可以设置值标头。

<?php header('Access-Control-Allow-Origin: *'); //for all ?>

In your file.php of request ajax, can set value header.

<?php header('Access-Control-Allow-Origin: *'); //for all ?>
回复 原文
~没有更多了~

关于作者

爱的十字路口

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

卷耳

文章 0 评论 0

佚名

文章 0 评论 0

℉服软

文章 0 评论 0

qq_2gSKZM

文章 0 评论 0

凉宸

文章 0 评论 0

gyhjy

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文