Vurtual (.htaccess) Subdomains CORS Issue - No 'Access-Control-Allow-Origin' header

I use .htaccess mod rewrite rules to redirect any (existing) subdomain URL request to the main website where those URLs are resolved internally:

** RewriteCond %{HTTP_HOST} ^(.) [NC] RewriteRule (.) sites/index.php [NC,L]**

    eg. any ****
    would be processed by **** 

    absolute path:** /home/**

I am using some icon web fonts, not at CDN but nested within a dedicated folder within my main site (eg., however, they are not displayed due to CORS policies and the error message I get in the console is as follows:

Access to font at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’ve already tried implementing the following direction first at the beginning of my .htaccess file, then at the server conf file as well (/etc/apache2/sites-available/ :

<IfModule mod_headers.c> <FilesMatch “.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$”> Header set Access-Control-Allow-Origin “*” </FilesMatch> </IfModule>

I also tried with the alternative code specific for the subdomain scenario:

<ifmodule mod_headers.c=“”> SetEnvIf Origin “^($" ORIGIN_SUB_DOMAIN=$1 Header set Access-Control-Allow-Origin “%{ORIGIN_SUB_DOMAIN}e” env=ORIGIN_SUB_DOMAIN Header set Access-Control-Allow-Methods: "” Header set Access-Control-Allow-Headers: “Origin, X-Requested-With, Content-Type, Accept, Authorization” </ifmodule>

However I could not resolve the CORS issue and the error message still remains and the icons are not displayed in the browser (Crom, Firefox…).

Any idea on how should I resolve this issue or what am I doing wrong?



Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Ups… I’ve managed to figure out the culprit… actually I had some javascript errors in my code that messed up other on-page functionalities. Once I resolved it the font issue and CORS was resolved as well :)