We can try something like this, which seems to work locally, but I've never used it before.
Of course, someone could register "ireallylovethefedoraproject.org" or even set up "i.love.the.fedoraproject.org.mydomain.com" and they'd still be able to hotlink to our fonts. I'm not sure how much of a conern that really is, though. Or we could list every possible site we run that might ever include the fonts, but that seems like it could get annoying too. commit db81a1e1353d67adbe9a2aff76968a9ae9407708 Author: Ricky Elrod <[email protected]> Date: Wed Nov 26 21:27:52 2014 +0000 Enable CORS header for webfonts Signed-off-by: Ricky Elrod <[email protected]> diff --git a/modules/fedora-web/files/fedora-web.conf b/modules/fedora-web/files/fedora-web.conf index 5ed95aa..647dd02 100644 --- a/modules/fedora-web/files/fedora-web.conf +++ b/modules/fedora-web/files/fedora-web.conf @@ -14,6 +14,11 @@ AddEncoding gzip .svgz </IfModule> </FilesMatch> +<FilesMatch \-webfont> + SetEnvIfNoCase Origin "https?://.*\.fedora(project|people|hosted)\.org.*" ACAO=$0 + Header set Access-Control-Allow-Origin %{ACAO}e env=ACAO +</FilesMatch> + <Location /static/checksums/> Options Indexes </Location> On 11/26/2014 05:30 PM, Kevin Fenzi wrote: > Yeah, +1 here too, but I echo pingou's query about making it more > specific if we can do that. ;) > > kevin > > > > _______________________________________________ > infrastructure mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/infrastructure >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/infrastructure
