我正在从无cookie域中为我的网站提供资源.由于Chrome和Firefox中的跨站点原因,此功能受阻

Redirect at origin 'http://static.domain.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.domain.com' is therefore not allowed access.

所以我在htaccess文件中添加了以下内容以启用CORS

<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    # mod_headers, y u no match by Content-Type?!
    <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
      SetEnvIf Origin ":" IS_CORS
      Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
  </IfModule>
</IfModule>

<IfModule mod_headers.c>
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|svg)$”>
    Header set Access-Control-Allow-Origin “*”
  </FilesMatch>
</IfModule>

由于某种原因,这不能正常工作 – eot文件返回正确的标题,但ttf,woff和svg没有.我为什么有些神秘！我的语法错了吗？

EOT标题

Access-Control-Allow-Origin *
Date    Sun, 25 Oct 2015 19:41:30 GMT
Last-Modified   Sat, 24 Oct 2015 10:22:45 GMT
Server  cloudflare-nginx
CF-RAY  23b066397718352a-LHR
Content-Type    application/vnd.ms-fontobject

TTF标题

Date    Sun, 25 Oct 2015 21:57:58 GMT
Last-Modified   Sat, 24 Oct 2015 10:22:44 GMT
Server  cloudflare-nginx
Content-Type    application/x-font-ttf
Cache-Control   max-age=31104000
Accept-Ranges   bytes
CF-RAY  23b12e202e1735ea-LHR
Content-Length  199248
Expires Wed, 19 Oct 2016 21:57:56 GMT

最佳答案 我注意到ttf是缓存而eot不是.当您使用云计算时,它很可能遵循这些缓存指令,因此提供缓存版本.

有关详细信息,请参阅此处以及可能的解决方法：https://support.cloudflare.com/hc/en-us/articles/203063414-Why-can-t-I-see-my-CORS-headers-