TinyMCE icon font not working when using assets URL

[fritzmg]

• Install constao/standard-edition 4.2.0.
• Create a vhost with two domains pointing to the web directory, e.g. c42.dev and c42assets.dev
• Log into the backend via c42.dev/contao.
• Go to System » Settings » Back end configuration and enter c42assets.dev into Assets URL, then save.
• Go to Content » Articles, create/edit an article and then create/edit a text content element (or go somewhere else, where the TinyMCE will be loaded).
• The icons of the TinyMCE will be missing:

FireFox will not report any error in the console, however Chrome will show the following:

Font from origin 'http://c42assets.dev' has been blocked from loading by Cross-Origin 
Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the 
requested resource. Origin 'http://c42.dev' is therefore not allowed access.

See also https://community.contao.org/de/showthread.php?62969-TinyMCE-Icons-fehlen&p=412574#post412574

This does not happen in Contao 3 btw.

[fritzmg]

Ah, I see now, in Contao 3 it works, because the .htaccess.default of Contao 3 contains

##
# Allow access from all domains for webfonts
# @see https://github.com/h5bp/html5-boilerplate
##
<IfModule mod_headers.c>
  <FilesMatch "\.(ttf|ttc|otf|eot|woff2?|font\.css)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
</IfModule>

I am guessing this can be closed, since the default /web/.htaccess of Contao 4 does not come with any of the default (Apache) configurations, that Contao 3 used to have and thus I assume that it is up to the web developer him- or herself to configure the web server properly.

[discordier]

We should at least document it in the install docs then.

[Toflar]

I think we should put that part into the standard-edition. That's what it is for: a starting point to set up a Symfony application with the Contao core bundle.

[fritzmg]

I think we should put that part into the standard-edition. That's what it is for: a starting point to set up a Symfony application with the Contao core bundle.

Shouldn't it provide more than that then though? e.g. the sending of the correct mime type headers (though I think it's unlikely that modern webservers do not send the correct mime type header by default already).

[leofeyer]

We should probably remove <?= TL_ASSETS_URL ?> from the be_tinyMCE.html5 template.

[fritzmg]

But shouldn't the Assets URL of the System configuration apply to all assets, frontend and backend?

[leofeyer]

Domain sharding is deprecated now that there is HTTP/2.

[fritzmg]

Yes, but I thought that change will only happen in Contao 5?

[leofeyer]

I rather meant domain sharding as a general concept.

[leofeyer]

@contao/developers Any objections to removing TL_ASSETS_URL from the editor templates?

[Toflar]

Nope

[leofeyer]

Sorry, I just noticed that removing TL_ASSETS_URL does not make any sense.

I am guessing this can be closed, since the default /web/.htaccess of Contao 4 does not come with any of the default (Apache) configurations, that Contao 3 used to have and thus I assume that it is up to the web developer him- or herself to configure the web server properly.

This is actually the correct answer.

[Toflar]

But still, it should be moved to the standard-edition, because that's where we should set the headers in the default .htaccess.

[leofeyer]

Added in contao/standard-edition@1092c2a.

[fritzmg]

This has been removed in Contao 4.6. Any prticular reason why?

// ah nvm, it is now handled via https://github.com/contao/contao/blob/4.6.6/manager-bundle/src/Resources/skeleton/web/.htaccess#L10-L12