我正在为我的网站提供来自无cookie域的资源。在Chrome和Firefox中,由于跨站点原因,
Redirect at origin 'http://static.domain.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.domain.com' is therefore not allowed access.
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
# mod_headers, y u no match by Content-Type?!
<FilesMatch ".(gif|png|jpe?g|svg|svgz|ico|webp)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch ".(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|svg)$”>
Header set Access-Control-Allow-Origin “*”
</FilesMatch>
</IfModule>
由于某些原因,这不能正常工作- eot文件返回正确的头,但ttf, woff和svg没有。我有点困惑,不知道为什么!我在语法上有什么错误吗?
测试结束头
Access-Control-Allow-Origin *
Date Sun, 25 Oct 2015 19:41:30 GMT
Last-Modified Sat, 24 Oct 2015 10:22:45 GMT
Server cloudflare-nginx
CF-RAY 23b066397718352a-LHR
Content-Type application/vnd.ms-fontobject
TTF头
Date Sun, 25 Oct 2015 21:57:58 GMT
Last-Modified Sat, 24 Oct 2015 10:22:44 GMT
Server cloudflare-nginx
Content-Type application/x-font-ttf
Cache-Control max-age=31104000
Accept-Ranges bytes
CF-RAY 23b12e202e1735ea-LHR
Content-Length 199248
Expires Wed, 19 Oct 2016 21:57:56 GMT
我注意到ttf是缓存的,而eot不是。当你使用cloudfare时,它很可能遵循了这些缓存指令,因此正在提供缓存版本。
请参阅此处了解更多信息和潜在的解决方法:https://support.cloudflare.com/hc/en-us/articles/203063414-Why-can-t-I-see-my-CORS-headers-