Help with Access-Control-Allow-Origin (CORS)

Mouth

Well-known member
My site is not loading font awesome from CDN ...

Font from origin 'https://cdn.netrider.net.au' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://netrider.net.au' is therefore not allowed access. The response had HTTP status code 403.

... but the http headers look OK ...

HTTP Status for: "https://netrider.net.au/"
  • HTTP/1.1 200 OK
  • Server: nginx
  • Content-Type: text/html; charset=UTF-8
  • Connection: close
  • X-Frame-Options: SAMEORIGIN
  • Strict-Transport-Security: max-age=15638400; preload
  • Access-Control-Allow-Origin: *
  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff
  • Date: Sat, 19 Dec 2015 23:25:54 GMT
  • X-Page-Speed: 1.9.32.4-7251
  • Cache-Control: max-age=0, no-cache
... and ...

HTTP Status for: "https://cdn.netrider.net.au/"
  • HTTP/1.1 200 OK
  • Server: keycdn-engine
  • Date: Sat, 19 Dec 2015 23:31:26 GMT
  • Content-Type: text/html; charset=UTF-8
  • Connection: close
  • Vary: Accept-Encoding
  • X-Frame-Options: SAMEORIGIN
  • Strict-Transport-Security: max-age=15638400; preload
  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff
  • X-Page-Speed: 1.9.32.4-7251
  • Cache-Control: max-age=604800
  • Expires: Sat, 26 Dec 2015 23:31:26 GMT
  • Link: <https://netrider.net.au/>; rel="canonical"
  • X-Cache: MISS
  • X-Edge-Location: defr
  • Access-Control-Allow-Origin: *

Thus, both having "Access-Control-Allow-Origin: *" to allow font loading from external domains.

Would appreciate some pointer/assistance on what I've gotten wrong. Have been reading, but cannot figure out the issue.
 
FYI, in case anyone gets the same issue.
I changed my CDN url (using KeyCDN's new LetsEncrypt functionality) and forgot to add a referrer allowance at the CDN for the change in URL.
 
Back
Top Bottom