Question

Vurtual (.htaccess) Subdomains CORS Issue - No 'Access-Control-Allow-Origin' header

I use .htaccess mod rewrite rules to redirect any (existing) subdomain URL request to the main website where those URLs are resolved internally:

** RewriteCond %{HTTP_HOST} ^(.).example.com [NC] RewriteRule (.) sites/index.php [NC,L]**

    eg. any **virtual-subdomain.example.com/some-page**
    would be processed by **example.com/sites/index.php** 

    absolute path:** /home/example.com/public_html/sites/index.php**

I am using some icon web fonts, not at CDN but nested within a dedicated folder within my main site (eg. example.com/fonts/, however, they are not displayed due to CORS policies and the error message I get in the console is as follows:

Access to font at ‘https://example.com/fonts/fontawesome/fontawesome-webfont.woff2?v=4.3.0’ from origin ‘https://subdomain.example.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’ve already tried implementing the following direction first at the beginning of my .htaccess file, then at the server conf file as well (/etc/apache2/sites-available/example.com.conf) :

<IfModule mod_headers.c> <FilesMatch “.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$”> Header set Access-Control-Allow-Origin “*” </FilesMatch> </IfModule>

I also tried with the alternative code specific for the subdomain scenario:

<ifmodule mod_headers.c=“”> SetEnvIf Origin “^(..example.com)$" ORIGIN_SUB_DOMAIN=$1 Header set Access-Control-Allow-Origin “%{ORIGIN_SUB_DOMAIN}e” env=ORIGIN_SUB_DOMAIN Header set Access-Control-Allow-Methods: "” Header set Access-Control-Allow-Headers: “Origin, X-Requested-With, Content-Type, Accept, Authorization” </ifmodule>

However I could not resolve the CORS issue and the error message still remains and the icons are not displayed in the browser (Crom, Firefox…).

Any idea on how should I resolve this issue or what am I doing wrong?

Thanks!


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Ups… I’ve managed to figure out the culprit… actually I had some javascript errors in my code that messed up other on-page functionalities. Once I resolved it the font issue and CORS was resolved as well :)

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.