[freeze break request] Enable CORS for webfont files
Ricky Elrod
codeblock at elrod.me
Wed Nov 26 23:14:41 UTC 2014
We can try something like this, which seems to work locally, but I've
never used it before.
Of course, someone could register "ireallylovethefedoraproject.org" or
even set up "i.love.the.fedoraproject.org.mydomain.com" and they'd still
be able to hotlink to our fonts. I'm not sure how much of a conern that
really is, though. Or we could list every possible site we run that
might ever include the fonts, but that seems like it could get annoying too.
commit db81a1e1353d67adbe9a2aff76968a9ae9407708
Author: Ricky Elrod <codeblock at fedoraproject.org>
Date: Wed Nov 26 21:27:52 2014 +0000
Enable CORS header for webfonts
Signed-off-by: Ricky Elrod <codeblock at fedoraproject.org>
diff --git a/modules/fedora-web/files/fedora-web.conf
b/modules/fedora-web/files/fedora-web.conf
index 5ed95aa..647dd02 100644
--- a/modules/fedora-web/files/fedora-web.conf
+++ b/modules/fedora-web/files/fedora-web.conf
@@ -14,6 +14,11 @@ AddEncoding gzip .svgz
</IfModule>
</FilesMatch>
+<FilesMatch \-webfont>
+ SetEnvIfNoCase Origin
"https?://.*\.fedora(project|people|hosted)\.org.*" ACAO=$0
+ Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO
+</FilesMatch>
+
<Location /static/checksums/>
Options Indexes
</Location>
On 11/26/2014 05:30 PM, Kevin Fenzi wrote:
> Yeah, +1 here too, but I echo pingou's query about making it more
> specific if we can do that. ;)
>
> kevin
>
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20141126/efcc21f9/attachment-0001.sig>
More information about the infrastructure
mailing list