被CORS阻止,但“允许来源”为*

时间:2019-04-17 11:43:57

标签: .htaccess cors access-control

我已经将Acces Control Allow Origin标头添加到我的htaccess文件中,如果我通过cURL检查它,就会使用它:

curl -I https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2019 11:32:12 GMT
Content-Length: 54360
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Wed, 17 Apr 2019 09:31:50 GMT
ETag: "d458-586b68e298fde"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 17 Apr 2019 11:32:12 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT

但是当我从另一个域加载此字体文件时,它仍然被阻止: CORS策略已阻止从来源“ https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2”访问“ https://myotherwebsite.nl”处的字体:请求的资源上没有“ Access-Control-Allow-Origin”标头。

我想念一些重要的东西吗?

我的完整htaccess:

# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<filesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
  ExpiresDefault A29030400
  Header append Cache-Control "public"
</filesMatch>
# Set up caching on media files for 1 week
<filesMatch "\.(gif|jpg|jpeg|png|swf)$">
  ExpiresDefault A604800
  Header append Cache-Control "public"
</filesMatch>
# Set up 2 Hour caching on commonly updated files A7200
<filesMatch "\.(xml|txt|html|js|css)$">
  ExpiresDefault A604800
  Header append Cache-Control "proxy-revalidate"
</filesMatch>
# Force no caching for dynamic files
<filesMatch "\.(php|cgi|pl|htm)$">
  ExpiresActive Off
  Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
  Header set Pragma "no-cache"
</filesMatch>


<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Methods "GET,POST,OPTIONS,DELETE,PUT"
    </IfModule>
</FilesMatch>

#HSTS
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

RewriteEngine On

RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

RewriteCond %{HTTP_HOST} ^www.mywebsite.nl$ [NC]
RewriteRule ^(.*)$ https://mywebsite.nl/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} "/assets/"
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]

RewriteBase /
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]

#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin

ErrorDocument 404 /index.php

1 个答案:

答案 0 :(得分:0)

好的,我已经发现问题了。我的服务器使用的是apache和nginx的组合。我必须将以下设置添加到我的nginx.conf文件中

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

对我来说,使用DirectAdmin进行自定义httpd设置可以实现