七牛云存储 - 七牛+Nginx+图标字体=No 'Access-Control-Allow-Origin' header错误？

Question

Font from origin 'http://img.***.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://***.com' is therefore not allowed access. The response had HTTP status code 403. (index):1
GET http://img.***.com/wp-content/themes/someone-v2/fonts/fontawesome-webfont.woff 

已经载入了

    location ~* \.(eot|otf|ttf|woff|svg)$ {
        add_header Access-Control-Allow-Origin *;
    }

font-awesome.min.css：

@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont.eot') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../fonts/fontawesome-webfont.svg') format('svg');font-weight:normal;font-style:normal}

浏览器可访问到图标字体，页面提示403

这个怎么破？

Answer 1

这个是因为你在七牛的空间中设置了防盗链，但是防盗链中没有设置访问css文件的域名，导致从css文件中访问到的图片的referer是css的域名，不在防盗链的白名单中，所以被403 forbidden了。

Answer 2

目测还要提供Access-Control-Allow-Methods和Access-Control-Allow-Headers头