Created
August 8, 2016 20:29
-
-
Save cloudwales/abb93b876d627ab9ed104fd0e63f7c27 to your computer and use it in GitHub Desktop.
Cross-Origin Resource Sharing policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ---------------------------------------------------------------------- | |
| # CORS-enabled images (@crossorigin) | |
| # ---------------------------------------------------------------------- | |
| # Send CORS headers if browsers request them; enabled by default for images. | |
| # developer.mozilla.org/en/CORS_Enabled_Image | |
| # blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html | |
| # hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ | |
| # wiki.mozilla.org/Security/Reviews/crossoriginAttribute | |
| <IfModule mod_setenvif.c> | |
| <IfModule mod_headers.c> | |
| # mod_headers, y u no match by Content-Type?! | |
| <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$"> | |
| SetEnvIf Origin ":" IS_CORS | |
| Header set Access-Control-Allow-Origin "*" env=IS_CORS | |
| </FilesMatch> | |
| </IfModule> | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # Webfont access | |
| # ---------------------------------------------------------------------- | |
| # Allow access from all domains for webfonts. | |
| # Alternatively you could only whitelist your | |
| # subdomains like "subdomain.example.com". | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$"> | |
| Header set Access-Control-Allow-Origin "*" | |
| </FilesMatch> | |
| </IfModule> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment