Amazon S3 CORS and Firefox Cross-Domain Font Loading
Background
Firefox has historically encountered difficulties loading fonts from origins distinct from the current webpage, particularly when fonts are stored on CDNs. While various solutions have been proposed, the introduction of Amazon S3 Cross-Origin Resource Sharing (CORS) raises the question of whether this issue can be addressed using CORS.
CORS Configuration
An Amazon S3 CORS configuration that has been successfully implemented to address this issue is provided below:
<?xml version="1.0" encoding="UTF-8"?>
<corsconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<corsrule>
<allowedorigin>https://mydomain.com</allowedorigin>
<allowedmethod>GET</allowedmethod>
<maxageseconds>3000</maxageseconds>
<allowedheader>Content-*</allowedheader>
<allowedheader>Host</allowedheader>
</corsrule>
<corsrule>
<allowedorigin>https://*.mydomain.com</allowedorigin>
<allowedmethod>GET</allowedmethod>
<maxageseconds>3000</maxageseconds>
<allowedheader>Content-*</allowedheader>
<allowedheader>Host</allowedheader>
</corsrule>
</corsconfiguration>
The significance of the AllowedMethod (GET) and AllowedHeader (Content-*) settings in this configuration is crucial.
Query String Workaround
In certain cases, developers may encounter issues due to Cloudfront caching the Access-Control-Allow-Origin header. To address this, AWS staff recommends using a query string to differentiate between requests from various domains.
By using a unique query string for each domain, such as "?https_a.domain.com" and "?http_b.domain.com", Cloudfront will return different Access-Control-Allow-Origin values, allowing font loading across domains.
The above is the detailed content of Can Amazon S3 CORS Solve Firefox's Cross-Domain Font Loading Problems?. For more information, please follow other related articles on the PHP Chinese website!
Weekly Platform News: Impact of Third-Party Code, Passive Mixed Content, Countries with the Slowest ConnectionsApr 15, 2025 am 11:19 AMIn this week's roundup, Lighthouse sheds light on third-party scripts, insecure resources will get blocked on secure sites, and many country connection speeds
Options for Hosting Your Own Non-JavaScript-Based AnalyticsApr 15, 2025 am 11:09 AMThere are loads of analytics platforms to help you track visitor and usage data on your sites. Perhaps most notably Google Analytics, which is widely used
It's All In the Head: Managing the Document Head of a React Powered Site With React HelmetApr 15, 2025 am 11:01 AMThe document head might not be the most glamorous part of a website, but what goes into it is arguably just as important to the success of your website as its
What is super() in JavaScript?Apr 15, 2025 am 10:59 AMWhat's happening when you see some JavaScript that calls super()?.In a child class, you use super() to call its parent’s constructor and super. to access its
Comparing the Different Types of Native JavaScript PopupsApr 15, 2025 am 10:48 AMJavaScript has a variety of built-in popup APIs that display special UI for user interaction. Famously:
Why Are Accessible Websites so Hard to Build?Apr 15, 2025 am 10:45 AMI was chatting with some front-end folks the other day about why so many companies struggle at making accessible websites. Why are accessible websites so hard
The `hidden` Attribute is Visibly WeakApr 15, 2025 am 10:43 AMThere is an HTML attribute that does exactly what you think it should do:
A Look at JAMstack's Speed, By the NumbersApr 15, 2025 am 10:39 AMPeople say JAMstack sites are fast — let’s find out why by looking at real performance metrics! We’ll cover common metrics, like Time to First Byte
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Dreamweaver Mac version
Visual web development tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
