ASP.NET CORS blocks font request

Question

ASP.NET CORS blocks font request

I built the ASP.NET web API service and enabled CORS in this service. This service is used to service report template resources (html, image, css, font) . The web client downloads the template and displays a report based on the loaded template.

So, given the service access point: http://templates.domain.com , and I'm trying to access the service (REST, Image, Font) from a web application ( http://client.domain.com ), then the web application -client will download:

http://templates.domain.com/templates/:templateName
http://templates.domain.com/templates/:templateName/css/style.css
http://templates.domain.com/templates/:templateName/image/header.jpg
http://templates.domain.com/templates/:templateName/font/test.ttf

In the above example, the REST API, CSS, and images from the service work well, but the font is locked / not executed.

Font from source ' http: // localhost: 49350 ' blocked loading by resource sharing policy Cross-Origin: No The header header Access-Control-Allow-Origin is present in the requested resource. Origin of 'null'

So far I have tried the solutions below, but the font is still locked.

Microsoft.Owin.Cors :
app.UseCors(CorsOptions.AllowAll);
Microsoft.AspNet.WebApi.Cors :
var cors = new EnableCorsAttribute("*", "*", "*"); config.EnableCors(cors);

+6

asp.net cors asp.net-web-api

Adi sembiring Sep 11 '15 at 9:03

source share

1 answer

Oliver · Answer 1 · 2015-09-11T09:58:22+0000

Are you using OWIN or WebAPI?

For Aspire WebPI, the following will resolve everything through:

 <system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer>

It’s important to note that resolving “*” is a potential security vulnerability, since you say that any of them can call these methods.

ASP.NET CORS blocks font request

More articles: