steve steve at
Wed Jun 21 19:48:44 UTC 2017

Hi folks,

As a precaution against CORS, I

     add_header Access-Control-Allow-Origin *;

outside any location{} block in my server{} definition.

I have recently had a problem where I deliver .css via a CDN, and that 
CDN references font files also on the CDN, and this was triggering CORS, 
so the font wasn't loaded.

The solution was to also add that header to the location{} block that I 
use to manage the relevant static resources.

This seems rather strange. Is it supposed to work this way?



Steve Holdoway BSc(Hons) MIITP
Skype: sholdowa

More information about the nginx mailing list