I have been investigating why Chrome does not see the Access-Control-Allow-Origin: * response header I recently added to this resource:
curl --head https://d1j0ipfc4bt9kq.cloudfront.net/classic/resources/font-pictos/fonts/pictos-web.ttf
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 18276
Connection: keep-alive
Server: nginx
Date: Sun, 13 Aug 2017 12:05:51 GMT
Last-Modified: Sat, 08 Aug 2015 06:28:16 GMT
ETag: "55c5a180-4764"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Age: 4992
X-Cache: Hit from cloudfront
Via: 1.1 ce5d7dfdbc1039d2bdb26d1c19b174ea.cloudfront.net (CloudFront)
X-Amz-Cf-Id: xvs12zJ2IwAKOH8dSbSVj1TPRARt4-HuCT1ZeEatt6tl-6Q-4UMIEQ==
I cleared all Chrome caches from the beginning of time, opened chrome://net-internals/#events and hit the above URL in a separate tab. The relevant bit in the corresponding network event entry reads:
6327: URL_REQUEST
https://d1j0ipfc4bt9kq.cloudfront.net/classic/resources/font-pictos/fonts/pictos-web.ttf
Start Time: 2017-08-14 01:37:40.002
...........
t=21301 [st=195] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 18276
Connection: keep-alive
Server: nginx
Date: Thu, 27 Jul 2017 05:58:47 GMT
Last-Modified: Sat, 08 Aug 2015 06:28:16 GMT
ETag: "55c5a180-4764"
Accept-Ranges: bytes
Age: 1496333
X-Cache: Hit from cloudfront
Via: 1.1 453ad64bd65746737c752d43554e5f9b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: P-PMp23gDI5JCzqjNvsDa1SOQ8pXMDtNp27pKDGYar9R9IhOuGCxpQ==
...........
As you can see, Chrome is "receiving" a 17-days old response that does not yet contain the Access-Control-Allow-Origin: * header.
What cache is that response coming from and how to clear it? I'm using Chrome 60.0.3112.90 (Official Build) (64-bit). I was thinking if there could be some caching proxy between my computer and CloudFront but HTTPS rules that out.