Enabling CORS in IIS for font files only

Question

Enabling CORS in IIS for font files only

Is there a way to enable CORS only for files of a certain type on IIS7? I am leaving this article ( https://www.maxcdn.com/one/tutorial/how-to-use-cdn-with-webfonts/ ) and noticed that the Apache and nginx examples show that CORS is enabled only if request looks for a specific Content-Type, while the IIS example shows that CORS is enabled for everything.

I have CSS referenced on an external site, but the font files are blocked by the browser and want to enable CORS on IIS7, but only for .woff, .woff2, .tff, .eot and .svg files. I do not want to include CORS for everything, if possible.

+7

fonts web-config cors iis-7

Kyle plunkett Sep 22 '16 at 19:49

source share

4 answers

Hackerman's answer is great, and this led me to a solution, however, there are several adjustments that I had to make. The first put the rule in the section outboundRulesunder rewritenode.

<outboundRules>
    <rule name="Enable CORS for Fonts">
        <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
        <conditions>
          <add input="{REQUEST_URI}" pattern="^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$" />
        </conditions>
        <action type="Rewrite" value="*" />
    </rule>
</outboundRules>

, , , - URL- :

/some/critical/javascript/file.js?v=.woff
/api/secure/users?v=.woff

...

/some/font.woff
/some/font.woff?etag
/some/font.woff?v=123

+23

Derek Hunziker 14 . '17 1:44

You should add this code to your Web.config:

  <location path="fonts/FontName.ttf">
    <system.webServer>
       <httpProtocol>
          <customHeaders>
             <add name="Access-Control-Allow-Origin" value="*" />
          </customHeaders>
       </httpProtocol>
    </system.webServer>
  </location>

+12

moshtaba morsali Dec 24 '16 at 11:49

source share

Derek Huntsiker's answer is very helpful. he dealt with the amazing font problem on my MBAHunt.in site . But is it possible to provide access only through a specific subdomain to avoid misuse.

0

aang iag Apr 21 '19 at 18:31

source share

Hackerman · Accepted Answer · 2016-09-22T20:37:15+0000

You can install the IIS rewrite module https://www.microsoft.com/en-us/download/details.aspx?id=7435 . After installing the module, restart IIS Manager and click on your site in the "Sites" section. If you see the symbol of the URL rewrite module (shown below) in the window to the right under the IIS section, then you are ready to work:

Then in your Web.config file you need to add the following rule:

<rewrite>
 <rules>
  <rule name="Add Cross Origin Access">
    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
    <conditions>
      <add input="{REQUEST_URI}" pattern="^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$" />
    </conditions>
    <action type="Rewrite" value="*"/>
  </rule>
 </rules>
</rewrite>

Enabling CORS in IIS for font files only

More articles: