Access-Control-Allow-Origin header missing from response


I am trying to debug an issue.

On one of my websites, font files are not loading correctly. Someone reported this error in the inspector log:

Font from origin 'http://d1h0r2f9g9fk4d.cloudfront.net' has been 
blocked from loading by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://bit.ly/1Z4W4JZ' is therefore 
not allowed access.

The person who says he can't see the font files also attached a screenshot of the website:


You can see that the font (which should be a caret) is not displayed.

In this case, I believe Font-awesome is not loading for him.


  • Cloudfront is the CDN
  • nGinx is the origin (and it is correctly sending the Access-Control-Allow-Origin header)

I have run curl -v -I, and you can see the following response:

My working response

curl -v -I http://d1h0r2f9g9fk4d.cloudfront.net/static/release/fonts/fontawesome-webfont.ttf?v=4.3.0
* Hostname was NOT found in DNS cache
*   Trying 54.230.149.120...
* Connected to d1h0r2f9g9fk4d.cloudfront.net (54.230.149.120) port 80 (#0)
> HEAD /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: d1h0r2f9g9fk4d.cloudfront.net
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: application/octet-stream
Content-Type: application/octet-stream
< Connection: keep-alive
Connection: keep-alive
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
Server: nginx/1.4.6 (Ubuntu)
< Date: Wed, 06 Jan 2016 09:33:59 GMT
Date: Wed, 06 Jan 2016 09:33:59 GMT
< Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
< ETag: "5576c407-1dcec"
ETag: "5576c407-1dcec"
< Expires: Thu, 04 Feb 2016 18:03:03 GMT
Expires: Thu, 04 Feb 2016 18:03:03 GMT
< Cache-Control: max-age=2592000
Cache-Control: max-age=2592000
< X-Varnish: 2146103981 2146009331
X-Varnish: 2146103981 2146009331
< Age: 55857
Age: 55857
< Via: 1.1 varnish, 1.1 f836ea1710367746c54dbe5fbb422013.cloudfront.net (CloudFront)
Via: 1.1 varnish, 1.1 f836ea1710367746c54dbe5fbb422013.cloudfront.net (CloudFront)
< X-Hashed-On: /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0*cdn.rentivo.com
X-Hashed-On: /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0*cdn.rentivo.com
< X-Discovery: not-set
X-Discovery: not-set
< X-Cache-Lookup: lookup
X-Cache-Lookup: lookup
< X-Cachable: 1
X-Cachable: 1
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< X-Cache: Miss from cloudfront
X-Cache: Miss from cloudfront
< X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==
X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==

< 
* Connection #0 to host d1h0r2f9g9fk4d.cloudfront.net left intact

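You can clearly see that Access-Control-Allow-Origin: * is present in the headers for the font.

I have tried invalidating the Cloudfront distribution, thinking that maybe the edge servers had an old version without these headers, but the person still says he can't see the headers.

I asked him to run a curl log for me, and this is his response.

His failing response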

curl -v -I http://d1h0r2f9g9fk4d.cloudfront.net/static/release/fonts/fontawesome-webfont.ttf?v=4.3.0
*   Trying 54.230.149.120...
* Connected to d1h0r2f9g9fk4d.cloudfront.net (54.230.149.120) port 80 (#0)
> HEAD /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0 HTTP/1.1
> Host: d1h0r2f9g9fk4d.cloudfront.net
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Encoding: gzip
Content-Encoding: gzip
< Content-Length: 71646
Content-Length: 71646
< Content-Type: application/octet-stream
Content-Type: application/octet-stream
< ETag: "5576c407-1dcec"
ETag: "5576c407-1dcec"
< Server: nginx/1.4.6 (Ubuntu)
Server: nginx/1.4.6 (Ubuntu)
< Expires: Wed, 03 Feb 2016 10:08:00 GMT
Expires: Wed, 03 Feb 2016 10:08:00 GMT
< Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
< Connection: keep-alive
Connection: keep-alive
< Date: Wed, 06 Jan 2016 01:04:10 GMT
Date: Wed, 06 Jan 2016 01:04:10 GMT

< 
* Connection #0 to host d1h0r2f9g9fk4d.cloudfront.net left intact

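I don't understand what is going on. Could his ISP be doing some ridiculous snooping/optimizing on him? If you notice, the header responses don't even match. You would at least expect to see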

< X-Cache: Miss from cloudfront
X-Cache: Miss from cloudfront
< X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==
X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==

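These are all missing.

Does anyone have any insight?

Answer 1

Late reply, but I stumbled upon this thread while struggling with the same problem.

Try adding an Origin header to your curl request; this solved the issue for me - something like: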

curl -v -I "http://d1h0r2f9g9fk4d.cloudfront.net/static/release/fonts/fontawesome-webfont.ttf?v=4.3.0" -H "Origin: https://example.com"
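
A way to make the comparison between the two captures above mechanical, as an added example that is not part of the original question or answer: `missing_headers` lists header names present in one saved `curl -v -I` capture but absent from another, and `cors_probe` repeats the request with the Origin header the answer suggests. The function names and the abbreviated sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two saved `curl -v -I` captures by header name.
export LC_ALL=C   # keep sort and comm on the same collation

# Print lower-cased response header names from a capture on stdin.
# Only lines that curl -v prefixes with "< " are read.
header_names() {
    sed -n 's/^< \([A-Za-z0-9-]*\):.*/\1/p' | tr 'A-Z' 'a-z' | sort -u
}

# missing_headers WORKING FAILING
# Header names present in WORKING but absent from FAILING.
missing_headers() {
    mh_a=$(mktemp)
    mh_b=$(mktemp)
    header_names < "$1" > "$mh_a"
    header_names < "$2" > "$mh_b"
    comm -23 "$mh_a" "$mh_b"
    rm -f "$mh_a" "$mh_b"
}

# cors_probe URL ORIGIN
# Repeat the request with an Origin header, as the answer suggests, and show
# only the CORS and cache headers. Needs network access, so not called below.
cors_probe() {
    curl -s -I -H "Origin: $2" "$1" | tr -d '\r' |
        grep -iE '^(access-control-allow-origin|x-cache):'
}

# Constructed sample captures, abbreviated from the two responses above.
WORKING=$(mktemp)
FAILING=$(mktemp)
cat > "$WORKING" <<'EOF'
< HTTP/1.1 200 OK
< Content-Type: application/octet-stream
< Server: nginx/1.4.6 (Ubuntu)
< Via: 1.1 varnish
< Access-Control-Allow-Origin: *
< X-Cache: Miss from cloudfront
EOF
cat > "$FAILING" <<'EOF'
< HTTP/1.1 200 OK
< Content-Encoding: gzip
< Content-Type: application/octet-stream
< Server: nginx/1.4.6 (Ubuntu)
EOF

missing_headers "$WORKING" "$FAILING"
```

Save each side's full `curl -v -I ... 2>&1` output to a file and pass the two paths to `missing_headers` to run it on real captures.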
