Remove ineffective Access-Control-Allow-Origin header #4275
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm the following:
please fill any appropriate checkboxes, e.g: [X]
git rebase
)Please make sure you Sign Off all commits. Pi-hole enforces the DCO.
What does this PR aim to accomplish?:
The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. To minimise transferred data and to not explicitly allow external hosts to load resources from each Pi-hole instance, the header should hence be removed.
Addresses #3462
How does this PR accomplish the above?:
The Access-Control-Allow-Origin header is removed from the Lighttpd configurations.
What documentation changes (if any) are needed to support this PR?:
None