Я добавил заголовок Acces Control Allow Origin в мой файл htaccess, и он используется, если я проверяю его с помощью cURL:
curl -I https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2019 11:32:12 GMT
Content-Length: 54360
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Wed, 17 Apr 2019 09:31:50 GMT
ETag: "d458-586b68e298fde"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 17 Apr 2019 11:32:12 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT
Но когда я загружаю этот файл шрифта из другого домена, он все равноблокируется: доступ к шрифту в 'https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2' от источника' https://myotherwebsite.nl' заблокирован политикой CORS: в запрошенном ресурсе отсутствует заголовок 'Access-Control-Allow-Origin'.
Мне не хватает чего-то важного?
Мой полный htaccess:
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<filesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</filesMatch>
# Set up caching on media files for 1 week
<filesMatch "\.(gif|jpg|jpeg|png|swf)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</filesMatch>
# Set up 2 Hour caching on commonly updated files A7200
<filesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A604800
Header append Cache-Control "proxy-revalidate"
</filesMatch>
# Force no caching for dynamic files
<filesMatch "\.(php|cgi|pl|htm)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</filesMatch>
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST,OPTIONS,DELETE,PUT"
</IfModule>
</FilesMatch>
#HSTS
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^www.mywebsite.nl$ [NC]
RewriteRule ^(.*)$ https://mywebsite.nl/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} "/assets/"
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
RewriteBase /
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php