从 Azure CDN 请求的字体文件被 CORS 策略阻止
[英]Requested font files from Azure CDN being blocked by CORS policy
问题描述
So I have an Azure Web Service and an Azure CDN.
所以我有一个 Azure Web 服务和一个 Azure CDN。 My web service is running on ASP.Net Core我的 Web 服务在 ASP.Net Core 上运行
I make a request for my Website's index.html, which starts downloading assets from the CDN.我请求我的网站的 index.html,它开始从 CDN 下载资产。 All the assets get loaded, except for the font files.除了字体文件之外,所有资产都被加载。
Here's the error:这是错误:
Access to Font at ' https:// CDN .azureedge.net/68.0.3/styles/ui-grid.woff ' from origin ' https:// WebApp .azurewebsites.net ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here's what one of the requests looks like:这是其中一个请求的样子:
So what I understand is:所以我的理解是:
- Download index.html from Web Server从 Web 服务器下载 index.html
- index.html -> download .css from CDN index.html -> 从 CDN 下载 .css
- .css -> download font from CDN .css -> 从 CDN 下载字体
- Blocked??被屏蔽了?? It seems like the browser is blocking the request, not the CDN, is that correct?似乎是浏览器阻止了请求,而不是 CDN,对吗? If so why?如果是为什么? Just because it's a font file request?仅仅因为它是一个字体文件请求?
4 个解决方案
解决方案1
12 2018-12-17 15:39:22
If using Azure Blob Storage as Origin for your CDN endpoint, the problem could be the CORS configuration in the Storage Account .如果使用 Azure Blob 存储作为 CDN 终结点的源,则问题可能是存储帐户中的 CORS 配置。
I initially had all my domains in a separate row under Allowed Origins and received the same errors as the OP.我最初将所有域都放在Allowed Origins下的单独一行中,并收到与 OP 相同的错误。 Turns out you can/must place all domains (that should have the same CORS configuration) on the same row, separated by , like this:原来你可以/必须将所有域(应该具有相同的 CORS 配置)放在同一行上,用 分隔,如下所示:
解决方案2
5 2018-03-28 06:54:28
In my case, IIS blocks .woff since mimeType is not set, hence you can set that in web.config (and optionally CORS if required) as follows:就我而言,由于未设置 mimeType,IIS 会阻止 .woff,因此您可以在 web.config 中进行设置(如果需要,还可以选择 CORS),如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<staticContent>
<remove fileExtension=".woff" /> <!-- In case IIS already has this mime type -->
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
<remove fileExtension=".woff2" />
<!-- In case IIS already has this mime type -->
<mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
</staticContent>
</system.webServer>
</configuration>
解决方案3
2 2017-09-15 12:03:48
You can't pull fonts from CDN without proper config - it's a different domain, so browser can't trust this files without proper headers.如果没有正确的配置,你就不能从 CDN 中提取字体——这是一个不同的域,所以浏览器不能信任没有正确标题的文件。
You have only one option - set properly header in CDN.您只有一种选择 - 在 CDN 中正确设置标题。 If you have access to Apache or NGINX you can set:如果您有权访问 Apache 或 NGINX,则可以设置:
Apache阿帕奇
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
NGINX NGINX
if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
add_header Access-Control-Allow-Origin *;
}
If you don't have access to server settings you can't use fonts from CDN.如果您无权访问服务器设置,则无法使用 CDN 中的字体。
解决方案4
1 2017-09-15 19:33:30
If you are using the Verizon Premium SKU of Azure CDN, you can also set the CORS headers via the CDN instead of the origin server.如果使用的是 Azure CDN 的 Verizon Premium SKU,还可以通过 CDN 而不是源服务器设置 CORS 标头。
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors https://docs.microsoft.com/en-us/azure/cdn/cdn-cors
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.