I checked some other solutions on StackOverflow and did not find the answer I am needing so I am asking this.
I have a site 'subdomain.myexamplesite.com' and my main website 'myexamplesite.com'.
I am hosting my CSS on 'myexamplesite.com' for the 'subdomain.myexamplesite.com' because I wanted to have all the CSS files in one place.
I don't have any issues with cross domain issues doing the hosting of the CSS files this way. Everything renders great.
The issue I have now is, I am using an #font-face and trying to get that to my subdomain site. But I am getting a cross domain error:
Font from origin 'https://www.myexamplesite.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://subdomain.myexamplesite.com' is therefore not allowed access.
The main website is a .Net website (Umbraco CMS to be exact) hosting on an IIS server. The other site is a different .Net site but still is hosted on IIS.
Since it is IIS, I don't think .htaccess file applies in my case.
I have a crossdomain.xml on my main website to allow access from my subdomain just to be sure. But that does not work.
I am referencing the font file correctly in the CSS for my subdomain site otherwise I don't think I would be getting the Font cross domain error.
Does anyone have any suggestions if it is possible to host fonts on my main domain and allow the sub domain site to use those same fonts.
Any ideas?
For a font file you need to set Access-Control-Allow-Origin http header.
To set it on all files add this to the web.config
<httpProtocol>
<customHeaders>
<remove name="Cache-Control" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
</customHeaders>
</httpProtocol>
Or more specific add something like this to the web.config below the <system.webServer> and set the location path to your font file.
<location path="static/fonts/source-sans-pro-regular.ttf" inheritInChildApplications="false">
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>
See cross-domain-fonts
and 59378-Centralized-Umbraco-7-Dashboards-Access-Control-Allow-Origin
and access-control-allow-origin-multiple-origin-domains
and font-face-fonts-only-work-on-their-own-domain
Related
I'm facing a problem with my WordPress website, it has a subdomain, blog.domain.com, when I access the blog I get the following error in my console:
Access to Font at www.domain.com/wp-content/themes/Divi/core/admin/fonts/modules.ttf from origin blog.domain.com has been blocked by CORS policy: No Access-Control-Allow-Origin header is present on the requested resource.
Currently, my website is hosted in Azure, I tried activating the option "Cross-Origin Resource Sharing - Cors" in my hosting options, it solved the issue, but it made the website a lot slower (16 sec), so I'm looking for an alternative to this issue.
If anyone has any idea how I can resolve this, I am opened to suggestions, I would appreciate it!
Thanks
If you use the windows azure web app, I suggest you could try to access below url:
https://yourwebappname.scm.azurewebsites.net/DebugConsole
Then you should go to the site\wwwroot and find the web.config file and add below config setting:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
I have 2 websites hosted on windows server 2012. One website is using asp.net while other is wordpress. I want to embed asp.net page in wordpress. But, it is not showing anything. I did some research and came to know that perhaps, I have to allow permission for external website. Please guide me how to do it, should I add anything in web.config? I added below in asp.net but it did not help
<head>
<meta http-equiv="X-Frame-Options" content="allow">
</head>
Please guide, how to allow external website in iframe?
The iframe looks like below:
[iframe mydomain.com/signIn.aspx 640px 400px]
Thanks
You can do it in your web.config (if hosted on IIS 7.0 or later):
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Frame-Options" /> <!-- optional -->
<add name="X-Frame-Options" value="ALLOW" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
This must be added in the application being "framed" (in your case an asp.net app), not in the parent app (wordpress).
Reference: https://www.iis.net/configreference/system.webserver/httpprotocol
I want to disable x-frame-options in my website, I want that no other website can show my webpages in their web pages using iframes. My website is made in ASP.net MVC3 and hosted in IIS 7.5.
There are a bunch of ways to go about this. But one of the easiest is adding <customHeaders> section to the web.config and it will append that header to each request.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="DENY" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
I am using IIS 8 on Server 2012 and have an MVC website serving extensionless pages. I'm trying to harden IIS by blocking all but an allowed set of extensions in the request filtering section. As extensionless MVC pages have no extension, this is proving somewhat difficult!
I've tried adding .mvc, .aspx and .cshtml to the allowed list to see if any of those would work but by unticking Allow unlisted file name extensions in the Edit Feature Settings menu, I keep getting a 404 error.
Is there any combination of special characters or some kind of keyword I can use to add extensionless addresses to the allowed list so that I can block all unlisted extensions? I really dont want to have to allow unlisted file name extensions and then create a list of hundreds of denied extensions.
Cheers all!
Sure. To allow extensionless adresses, add <add fileExtension="." allowed="true" /> to your web.config as below:
<system.webServer>
<security>
<requestFiltering>
<fileExtensions allowUnlisted="false">
<add fileExtension="." allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
Let me know if this helped.
I have a web application which is hosted in iis7 in amazon ec2 instance.The directory structure is like Website>Pages>welcome.aspx.The physical path for the iis site has been set at website level.I have added the default page as pages/welcome.aspx.Now when we are accessing the website the site redirects to the default page but the url remains like abc.com:XXXX rather than abc.com:XXXX/pages/welcome.aspx.Now when someone clicks on links with href like abcd.aspx, a page not found exception is thrown as it is searching for the content in the root directory rather than in the pages directory.
Go to your web.config and add:
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="pages/welcome.aspx" />
</files>
</defaultDocument>
</system.webServer>
From this post.