Hello, I inserted this code to my website option https://eistnaflug.is/heim-copy/ : Code: location ~ \.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ { add_header "Access-Control-Allow-Origin" "*"; expires 1M; access_log off; add_header Cache-Control "public"; } Still I'm getting this error on my wordpress site: Code: Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff2?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.ttf?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. 2yUAtx3O-LV4:1 XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access. How to fix ?
Not sure about other lines but try changing the second line to "add_header Access-Control-Allow-Origin *;" instead.
Changed the line and still get the same error: Code: Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff2?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.woff?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. (index):1 Access to Font at 'https://da8dsugrl65ch.cloudfront.net/fonts/fontawesome-webfont.ttf?v=4.7.0' from origin 'https://eistnaflug.is' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://eistnaflug.is' is therefore not allowed access. The response had HTTP status code 403. 3yUAtx3O-LV4?controls=0&showinfo=0&enablejsapi=1&origin=https%3A%2F%2Feistnaflug.is&widgetid=1:1 XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.
not sure if this might help you https://crunchify.com/how-to-fix-ac...your-https-enabled-wordpress-site-and-maxcdn/
Did you restart nginx after making the said changes? If that does not work, try removing "font.css|" in the first line and restart nginx again.
@ahrasis - thanks for replay. now the font and icons are without errors but now I get this error: Code: XMLHttpRequest cannot load https://googleads.g.doubleclick.net/pagead/id. Redirect from 'https://googleads.g.doubleclick.net/pagead/id' to 'https://googleads.g.doubleclick.net/pagead/id?dpt=1' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.youtube.com' is therefore not allowed access.
There is no fix for that yet so far that I know. You can read more about it here. And for a note regarding the "add_header Access-Control-Allow-Origin *;" is that it is allowing all domains / ips and if you allow .js, that means your page may be hijacked / manipulated. The best practice is to limit the source and the type of file to that that you really need only. Do google around for further explanations and samples.
