Solution Firefox Font Face Cross Domain Problem

Posted by Ronald Eddy on Saturday, April 12, 2014

Firefox Font-Face Cross Domain Problem:

The other day I was working on a website that we were accelerating with a content deliver network (CDN). All the static content was to go through the cdn including the styles (css) file. We ran into a weird bug on Firefox. Font-face styles were not showing. The fonts were loading off the sub domain while the rest of the site was running off

	src:url('../fonts/preloslab-medium-webfont.eot?#iefix') format('embedded-opentype'),
		url('../fonts/preloslab-medium-webfont.woff') format('woff'),
		url('../fonts/preloslab-medium-webfont.ttf') format('truetype'),
		url('../fonts/preloslab-medium-webfont.svg#PreloSlabMedium') format('svg');


Seems that Firefox supports the Cross-Origin Resource Sharing standard (CORS) for HTTP requests of some types of resource. This is a way for a remote host to control access to some types of resource. As it turns out, web fonts are subject to CORS. So, the appropriate Access Control headers need to be sent to the browser to allow the domain originating the request (the Origin) access to the resource.

Firefox Font-Face Cross Domain Solution:

Seems messy but it really isn’t. The correct header is:

On an Apache server you can accomplish this with a little edit to the .htaccess file.
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin ""
Note: while you should be able to list several domains separated by a comma. This did not work. I had to use Header set Access-Control-Allow-Origin “*” for multiple domains.

Font-Face Mime Types

While you are at it, you can also add the correct mime types to the files.

AddType application/ .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/x-font-woff woff

comments powered by Disqus