13

We are getting CORS issue for cloudfront to my site for FONT only.

Access to Font at 'http://d2v777xrj.cloudfront.net/assets/simple-line-icons/fonts/Simple-Line-Icons-ff94ad94c3a9d04bd2f80cb3c87dcccb.woff' from origin 'http://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access.

Improve this question
3
  • We're having the exact same issue with fonts and tried everything possible. Did you manage to get rid of this issue? Beside invalidating the bucket with fonts, it seems nothing else works. Commented Oct 9, 2018 at 7:02
  • @NicolaeOlariu this one worked for me. Commented Nov 2, 2018 at 13:50
  • @NicolaeOlariu: use filter at server side to enable cors specific headers.. It worked for me. Commented Dec 13, 2019 at 8:46

6 Answers 6

Reset to default
10

References (After looking into references, found these reference that worked for me. I didnt add any CORS on S3 bucket. Only Cloudfront accessing S3) [for your case change themes to assets]

https://deliciousbrains.com/wp-offload-media/doc/font-cors/

http://thelazylog.com/correct-configuration-to-fix-cors-issue-with-cloudfront/

enter image description here

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Creating a behavior in Cloudfront to server accept origin header does the job. But before that, you need to configure the application server, Apache (module headers) in my case to set the Access-Control-Allow-Origin header: Header set Access-Control-Allow-Origin: yourdomain.com
10

Tried everything but nothing worked! But the solution was very easy just two-step solution and nothing else.

  1. Go to S3 Bucket->Permissions->Edit : Cross-origin resource sharing (CORS)->paste below configuration. In most of the other articles they are doing mistake of wrong header. you have to put "Origin" in AllowedHeaders.

     [
     {
         "AllowedHeaders": [
             "Origin"
         ],
         "AllowedMethods": [
             "HEAD",
             "GET"
         ],
         "AllowedOrigins": [
             "http://www.yourdomain.com",
             "https://www.yourdomain.com",
             "https://yourdomain.com",
             "http://yourdomain.com"
         ],
         "ExposeHeaders": [],
         "MaxAgeSeconds": 3000
     }
 ]

  2. Go to Cloudfront->Behaviours->Default(*)->Edit Change, Cache and origin request settings to : Use legacy cache settings Change, Cache Based on Selected Request Headers to : Whitelist Then, Add Whitelist Headers to : Origin [Only]

Improve this answer

1 Comment

This really is the solution
4

Cloud Front Added Origin Policy Recently. Updating the origin policy to s3origin worked for me as below once S3 was configured correctly.

cache and origin policy config

Improve this answer

1 Comment

you save my day, first it not working. and after check Cloudfront dashboard, it still loading deployment new behavior. so just wait until it done. and check again
2

Update July 2023:

My problem was resolved after applying the following changes:

  1. Change the permissions of the bucket on S3:
    • Go to s3.console.aws.amazon.com/s3 and select the bucket.
    • After selecting the bucket, click on Permissions tab: s3 bucket menu
    • Scroll down to Cross-origin resource sharing (CORS) section and add the following: 
      [
   {
       "AllowedHeaders": [
           "*"
       ],
       "AllowedMethods": [
           "GET",
           "HEAD"
       ],
       "AllowedOrigins": [
           "http://example.com",
       ],
       "ExposeHeaders": []
   }
]
  2. Change the behavior of the distribution:
    • Select the behavior and click on edit icon: behavior content
    • Make sure you have added the OPTIONS method for Viewer section: Add options
    • Change the Origin request policy permission. enter image description here
Improve this answer

Comments

0
  1. Go to CloudFront
  2. Pick the distribution
  3. Edit Behavior
  4. On Response headers policy: CORS-with-preflight-and-SecurityHeadersPolicy
  5. Save changes
Improve this answer

Comments

0

I resolved the CORS issue by adding a custom origin header in CloudFront.
Specifically, I set the header value to the full domain (e.g., https://domain), and the fonts started loading correctly afterward.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.