Font from origin 'http://img.***.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://***.com' is therefore not allowed access. The response had HTTP status code 403. (index):1
GET http://img.***.com/wp-content/themes/someone-v2/fonts/fontawesome-webfont.woff
Already loaded
location ~* \.(eot|otf|ttf|woff|svg)$ {
add_header Access-Control-Allow-Origin *;
}
font-awesome.min.css:
@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot');src:url('../fonts/fontawesome-webfont.eot') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff') format('woff'),url('../fonts/fontawesome-webfont.ttf') format('truetype'),url('../fonts/fontawesome-webfont.svg') format('svg');font-weight:normal;font-style:normal}
The browser can access the icon font, and the page prompts 403
How to break this?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
This is because you have set up anti-hotlinking in Qiniu’s space, but the domain name for accessing the css file is not set in the anti-hotlinking function. As a result, the referer of the image accessed from the css file is the domain name of css, which is not in the whitelist of anti-hotlinking. , so it is 403 forbidden.
Visual inspection also requires the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers