I use .htaccess mod rewrite rules to redirect any (existing) subdomain URL request to the main website where those URLs are resolved internally:

** RewriteCond %{HTTP_HOST} ^(.).example.com [NC]
RewriteRule (.) sites/index.php [NC,L]**

    eg. any **virtual-subdomain.example.com/some-page**
    would be processed by **example.com/sites/index.php** 

    absolute path:** /home/example.com/public_html/sites/index.php**

I am using some icon web fonts, not at CDN but nested within a dedicated folder within my main site (eg. example.com/fonts/, however, they are not displayed due to CORS policies and the error message I get in the console is as follows:

Access to font at ’https://example.com/fonts/fontawesome/fontawesome-webfont.woff2?v=4.3.0’ from origin ’https://subdomain.example.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

I’ve already tried implementing the following direction first at the beginning of my .htaccess file, then at the server conf file as well (/etc/apache2/sites-available/example.com.conf) :

<IfModule mod_headers.c>
<FilesMatch “.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$”>
Header set Access-Control-Allow-Origin “*”
</FilesMatch>
</IfModule>

I also tried with the alternative code specific for the subdomain scenario:

<ifmodule mod_headers.c=“”>
SetEnvIf Origin “^(..example.com)$” ORIGINSUBDOMAIN=$1
Header set Access-Control-Allow-Origin “%{ORIGINSUBDOMAIN}e” env=ORIGINSUBDOMAIN
Header set Access-Control-Allow-Methods: “”
Header set Access-Control-Allow-Headers: “Origin, X-Requested-With, Content-Type, Accept, Authorization”
</ifmodule>

However I could not resolve the CORS issue and the error message still remains and the icons are not displayed in the browser (Crom, Firefox..).

Any idea on how should I resolve this issue or what am I doing wrong?

Thanks!