Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Allowing WOFF fonts to be accessed from other domains (CORS)

Rehno Lindeque edited this page · 3 revisions
Clone this wiki locally

Update

There's now some middleware available on hackage to help with CORS: http://hackage.haskell.org/package/wai-cors-0.1.1


WOFF fonts may not be accessed from other domains by default. That means that your page at http://www.example.com/ may not access a font http://static.example.com/font.woff. The solution is to add a CORS header to the WOFF font allowing it to be used from other domains.

A simple way of doing so is by rewriting all responses whose Content-type is application/font-woff in order to include the CORS header. You may do so using the following simple WAI middleware:

-- | Add a permissive CORS header to WOFF files.
--
-- Written for wai-1.4.0 and http-types-0.8.0 but may work on
-- many previous or next versions.
addCORStoWOFF :: W.Middleware
addCORStoWOFF app = fmap updateHeaders . app
  where
    updateHeaders (W.ResponseFile    status headers fp mpart) = W.ResponseFile    status (new headers) fp mpart
    updateHeaders (W.ResponseBuilder status headers builder)  = W.ResponseBuilder status (new headers) builder
    updateHeaders (W.ResponseSource  status headers src)      = W.ResponseSource  status (new headers) src
    new headers | woff      = cors : headers
                | otherwise =        headers
      where woff = lookup HT.hContentType headers == Just "application/font-woff"
            cors = ("Access-Control-Allow-Origin", "*")
Something went wrong with that request. Please try again.