响应中缺少 Access-Control-Allow-Origin 标头

我正在尝试调试一个问题。

在我的某个网站上，字体文件无法正确加载。有人在检查器日志中报告了此错误：

Font from origin 'http://d1h0r2f9g9fk4d.cloudfront.net' has been 
blocked from loading by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://bit.ly/1Z4W4JZ' is therefore 
not allowed access.

说看不到字体文件的人还附上了该网站的屏幕截图：

您可以看到字体（应该是插入符号）没有显示。

在这种情况下，我相信是 Font-awesome 没有为他加载。

---

• Cloudfront 是 CDN
• nGinx 是源（并且正确发送了 Access-Control-Allow-Origin 标头）

我已经执行了curl -v -I，您可以看到以下响应：

我的工作回应

curl -v -I http://d1h0r2f9g9fk4d.cloudfront.net/static/release/fonts/fontawesome-webfont.ttf?v=4.3.0
* Hostname was NOT found in DNS cache
*   Trying 54.230.149.120...
* Connected to d1h0r2f9g9fk4d.cloudfront.net (54.230.149.120) port 80 (#0)
> HEAD /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0 HTTP/1.1
> User-Agent: curl/7.35.0
> Host: d1h0r2f9g9fk4d.cloudfront.net
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Type: application/octet-stream
Content-Type: application/octet-stream
< Connection: keep-alive
Connection: keep-alive
* Server nginx/1.4.6 (Ubuntu) is not blacklisted
< Server: nginx/1.4.6 (Ubuntu)
Server: nginx/1.4.6 (Ubuntu)
< Date: Wed, 06 Jan 2016 09:33:59 GMT
Date: Wed, 06 Jan 2016 09:33:59 GMT
< Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
< ETag: "5576c407-1dcec"
ETag: "5576c407-1dcec"
< Expires: Thu, 04 Feb 2016 18:03:03 GMT
Expires: Thu, 04 Feb 2016 18:03:03 GMT
< Cache-Control: max-age=2592000
Cache-Control: max-age=2592000
< X-Varnish: 2146103981 2146009331
X-Varnish: 2146103981 2146009331
< Age: 55857
Age: 55857
< Via: 1.1 varnish, 1.1 f836ea1710367746c54dbe5fbb422013.cloudfront.net (CloudFront)
Via: 1.1 varnish, 1.1 f836ea1710367746c54dbe5fbb422013.cloudfront.net (CloudFront)
< X-Hashed-On: /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0*cdn.rentivo.com
X-Hashed-On: /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0*cdn.rentivo.com
< X-Discovery: not-set
X-Discovery: not-set
< X-Cache-Lookup: lookup
X-Cache-Lookup: lookup
< X-Cachable: 1
X-Cachable: 1
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< X-Cache: Miss from cloudfront
X-Cache: Miss from cloudfront
< X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==
X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==

< 
* Connection #0 to host d1h0r2f9g9fk4d.cloudfront.net left intact

您可以清楚地看到它 Access-Control-Allow-Origin: *存在于字体标题中。

我曾尝试使 Cloudfront 分发无效，想着也许边缘服务器有一个没有这些标头的旧版本，但该人仍然说他无法查看标头。

我请他为我执行一次 curl 日志，这是他的回应。

他的失败回应

curl -v -I http://d1h0r2f9g9fk4d.cloudfront.net/static/release/fonts/fontawesome-webfont.ttf?v=4.3.0
*   Trying 54.230.149.120...
* Connected to d1h0r2f9g9fk4d.cloudfront.net (54.230.149.120) port 80 (#0)
> HEAD /static/release/fonts/fontawesome-webfont.ttf?v=4.3.0 HTTP/1.1
> Host: d1h0r2f9g9fk4d.cloudfront.net
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Content-Encoding: gzip
Content-Encoding: gzip
< Content-Length: 71646
Content-Length: 71646
< Content-Type: application/octet-stream
Content-Type: application/octet-stream
< ETag: "5576c407-1dcec"
ETag: "5576c407-1dcec"
< Server: nginx/1.4.6 (Ubuntu)
Server: nginx/1.4.6 (Ubuntu)
< Expires: Wed, 03 Feb 2016 10:08:00 GMT
Expires: Wed, 03 Feb 2016 10:08:00 GMT
< Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
Last-Modified: Tue, 09 Jun 2015 10:46:31 GMT
< Connection: keep-alive
Connection: keep-alive
< Date: Wed, 06 Jan 2016 01:04:10 GMT
Date: Wed, 06 Jan 2016 01:04:10 GMT

< 
* Connection #0 to host d1h0r2f9g9fk4d.cloudfront.net left intact

我不明白发生了什么。他的 ISP 会不会对他进行一些荒谬的监听/优化？如果你注意到，标头响应甚至不匹配。你至少会看到

< X-Cache: Miss from cloudfront
X-Cache: Miss from cloudfront
< X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==
X-Amz-Cf-Id: UlVhI7Nix19cnSqakrZ3dqVta9ROM8thQ9c0rixacW-dZpC9wCCe4Q==

这些都缺失了。

有人有任何见解吗？