Fonts Not Loading in Documents & Web Pages
Most web browsers do not allow cross-domain requests, this is because of the same origin security policy. The result is that sometimes when using web-fonts from another domain, this can cause errors and the font does not load in the web page (or HireHop documents). Basically, for security reasons, some files are being „flagged“ as not being allowed to be used across different domains by the server that hosts them, so the following typical code might not seem to work:
<style type="text/css"> @font-face { font-family: "OpenSans"; src: url("https://my_server.com/fonts/OpenSans.woff2") format("woff2"); } html, body{ font: normal 16px OpenSans, sans-serif; } </style>
The Solution
To fix cross-origin restrictions for your fonts, the response from remote server that hosts the font files must include the Access-Control-Allow-Origin header in the font file.
If you’re using font services like Typekit or Google Fonts, or maybe content delivery networks like BootstrapCDN, CdnJS or JsDelivr to load your prefered fonts, you don’t need to do anything, because the Access-Control-Allow-Origin header is already sent in their response header.
Apache
To configure an Apache web server, put the following code into the httpd.conf
or .htaccess
file.
- Add the mime type headers on Apache:
AddType application/vnd.ms-fontobject .eot AddType application/x-font-opentype .otf AddType image/svg+xml .svg AddType application/x-font-ttf .ttf AddType application/font-woff .woff AddType application/font-woff2 .woff2
- Enable cross-origin resource sharing (CORS) on Apache for the mime types:
<IfModule mod_headers.c> <FilesMatch ".(eot|otf|svg|ttf|woff|woff2?)$"> Header set Access-Control-Allow-Origin "*" </FilesMatch> </IfModule>
NGINX
To configure an NGINX web server, put the following code into the /etc/nginx/nginx.conf
or your custom /etc/nginx/conf.d/custom.conf
file.
- Add the mime type headers on NGINX:
application/vnd.ms-fontobject eot; application/x-font-opentype otf; image/svg+xml svg; application/x-font-ttf ttf; application/font-woff woff; application/font-woff2 woff2;
- Enable cross-origin resource sharing (CORS) on NGINX for the mime types:
location ~* .(eot|otf|svg|ttf|woff|woff2)$ { add_header Access-Control-Allow-Origin *; }
IIS
To configure the Microsoft IIS, add the following the code to the web.config
system.webServer block.
- Enable cross-origin resource sharing (CORS) on IIS
<system.webServer> <httpProtocol> <customHeaders> <add name="access-control-allow-origin" value="*" /> <add name="access-control-allow-headers" value="content-type" /> </customHeaders> </httpProtocol> </system.webServer>
PHP
If you can’t change the server settings, you can always use PHP to deliver the font file.
- Use a server script file rather than a physical font file
<style type="text/css"> @font-face { font-family: 'OpenSans'; src: url('https://my_server.com/fonts/OpenSans.php') format('woff2'); } html, body{ font: normal 16px OpenSans, sans-serif; } </style>
- How to fix cross-domain @font-face issues with PHP
<?php // fonts.php header('Access-Control-Allow-Origin: *'); header('Content-Type: application/font-woff2'); echo @file_get_contents('/fonts/OpenSans.woff2'); ?>