[英]Requested font files from Azure CDN being blocked by CORS policy
So I have an Azure Web Service and an Azure CDN.所以我有一个 Azure Web 服务和一个 Azure CDN。 My web service is running on ASP.Net Core
我的 Web 服务在 ASP.Net Core 上运行
I make a request for my Website's index.html, which starts downloading assets from the CDN.我请求我的网站的 index.html,它开始从 CDN 下载资产。 All the assets get loaded, except for the font files.
除了字体文件之外,所有资产都被加载。
Here's the error:这是错误:
Access to Font at ' https:// CDN .azureedge.net/68.0.3/styles/ui-grid.woff ' from origin ' https:// WebApp .azurewebsites.net ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
访问字体的'https://开头CDN .azureedge.net / 68.0.3 /风格/ UI-grid.woff'从原点'https://开头的WebApp .azurewebsites.net'已被封锁的CORS政策:否“访问-Control-Allow-Origin' 标头存在于请求的资源上。 Origin ' https:// WebApp .azurewebsites.net ' is therefore not allowed access.
因此,不允许访问 Origin ' https:// WebApp .azurewebsites.net '。
Here's what one of the requests looks like:这是其中一个请求的样子:
So what I understand is:所以我的理解是:
If using Azure Blob Storage as Origin for your CDN endpoint, the problem could be the CORS configuration in the Storage Account .如果使用 Azure Blob 存储作为 CDN 终结点的源,则问题可能是存储帐户中的 CORS 配置。
I initially had all my domains in a separate row under Allowed Origins
and received the same errors as the OP.我最初将所有域都放在
Allowed Origins
下的单独一行中,并收到与 OP 相同的错误。 Turns out you can/must place all domains (that should have the same CORS configuration) on the same row, separated by ,
like this:原来你可以/必须将所有域(应该具有相同的 CORS 配置)放在同一行上,用 分隔
,
如下所示:
In my case, IIS blocks .woff since mimeType is not set, hence you can set that in web.config (and optionally CORS if required) as follows:就我而言,由于未设置 mimeType,IIS 会阻止 .woff,因此您可以在 web.config 中进行设置(如果需要,还可以选择 CORS),如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<staticContent>
<remove fileExtension=".woff" /> <!-- In case IIS already has this mime type -->
<mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
<remove fileExtension=".woff2" />
<!-- In case IIS already has this mime type -->
<mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
</staticContent>
</system.webServer>
</configuration>
You can't pull fonts from CDN without proper config - it's a different domain, so browser can't trust this files without proper headers.如果没有正确的配置,你就不能从 CDN 中提取字体——这是一个不同的域,所以浏览器不能信任没有正确标题的文件。
You have only one option - set properly header in CDN.您只有一种选择 - 在 CDN 中正确设置标题。 If you have access to Apache or NGINX you can set:
如果您有权访问 Apache 或 NGINX,则可以设置:
Apache阿帕奇
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
NGINX NGINX
if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
add_header Access-Control-Allow-Origin *;
}
If you don't have access to server settings you can't use fonts from CDN.如果您无权访问服务器设置,则无法使用 CDN 中的字体。
If you are using the Verizon Premium SKU of Azure CDN, you can also set the CORS headers via the CDN instead of the origin server.如果使用的是 Azure CDN 的 Verizon Premium SKU,还可以通过 CDN 而不是源服务器设置 CORS 标头。
https://docs.microsoft.com/en-us/azure/cdn/cdn-cors https://docs.microsoft.com/en-us/azure/cdn/cdn-cors
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.