HelloZeroNet
Access-Control-Allow-Origin error on font
Step 1: Please describe your environment
- ZeroNet version: 0.7.1 rev4206
- Operating system: Ubuntu 20.10
- Web browser: Firefox
- Tor status: not available/always/disabled
- Opened port: yes/no
- Special configuration: ____
Step 2: Describe the problem:
On my site Firefox 87.0 does not include the custom fonts any more. I get the error
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:43110/1XXXXXXXXXXXXXXXXXXXXXX/css/fonts/kingsbridge_rg.ttf. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Although the url to the font is ok, if I click on the link in the Firefox console I can download the font. Why does ZeroNet not allow to use a font which is on the same ZeroNet site?
~same problem in Edge, and request header Origin: null may cause this problem?~
~other assests file like PNG or JPG, they dont have Origin: null request header, and no cors issues at all.~
ok, I try Firefox, and it dont have this issuse, Firefox request header Referer: http://127.0.0.1:43110/
this is Edge request look like:
curl 'http://127.0.0.1:43110/xxxxx/fonts/xxxxx.ttf' \
-H 'Connection: keep-alive' \
-H 'Origin: null' \
-H 'Accept: */*' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Dest: font' \
-H 'Accept-Language: zh-CN,zh;q=0.9,zh-TW;q=0.8,ja;q=0.7,en;q=0.6' \
--compressed
and this is Firefox:
curl 'http://127.0.0.1:43110/xxxxx/fonts/xxxxx.ttf' \
-H 'Accept-Language: zh-CN,zh;q=0.8,ja;q=0.5,en;q=0.3' \
-H 'Origin: null' \
-H 'Connection: keep-alive' \
-H 'Referer: http://127.0.0.1:43110/' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache'\
--compressed
Firefox got response header Access-Control-Allow-Origin: *, but Edge didn't.
