Vurtual (.htaccess) Subdomains CORS Issue - No 'Access-Control-Allow-Origin' header

Posted January 8, 2019 17k views
ApacheUbuntu 16.04DevelopmentCDN

I use .htaccess mod rewrite rules to redirect any (existing) subdomain URL request to the main website where those URLs are resolved internally:

** RewriteCond %{HTTP_HOST} ^(.) [NC]
RewriteRule (.
) sites/index.php [NC,L]**

    eg. any ****
    would be processed by **** 

    absolute path:** /home/**

I am using some icon web fonts, not at CDN but nested within a dedicated folder within my main site (eg., however, they are not displayed due to CORS policies and the error message I get in the console is as follows:

Access to font at ’’ from origin ’’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’ve already tried implementing the following direction first at the beginning of my .htaccess file, then at the server conf file as well (/etc/apache2/sites-available/ :

<IfModule mod_headers.c>
<FilesMatch “.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$”>
Header set Access-Control-Allow-Origin “*”

I also tried with the alternative code specific for the subdomain scenario:

<ifmodule mod_headers.c=“”>
SetEnvIf Origin “^($” ORIGINSUBDOMAIN=$1
Header set Access-Control-Allow-Origin “%{ORIGINSUBDOMAIN}e” env=ORIGINSUBDOMAIN
Header set Access-Control-Allow-Methods: “

Header set Access-Control-Allow-Headers: “Origin, X-Requested-With, Content-Type, Accept, Authorization”

However I could not resolve the CORS issue and the error message still remains and the icons are not displayed in the browser (Crom, Firefox..).

Any idea on how should I resolve this issue or what am I doing wrong?


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Ups.... I’ve managed to figure out the culprit… actually I had some javascript errors in my code that messed up other on-page functionalities. Once I resolved it the font issue and CORS was resolved as well :)