<div>
Try first adding this to your Webserver config as a header to push for all requests.<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-43290391-1"><span>Access-Control-Allow-Origin: *</span>
</code></pre>
<br />
Once you have this working, then you can tighten your policy, as required.
</div>


<div>
Sorry David....Webserver config?&nbsp; Do you mean add an htaccess file?
</div>


<div>
Apache docs say, &quot;Because early directives are processed before the request path's configuration is traversed, early headers can only be set in a main server or virtual host context. Early directives cannot depend on a request path, so they will fail in contexts such as &lt;Directory&gt; or &lt;Location&gt;.&quot;<br />
<br />
Which likely means the answer to your question is no.<br />
<br />
The... best practices... place to add these is in your /etc/apache2/{conf-availab<wbr />le,conf-en<wbr />abled}/hea<wbr />ders.conf file (or your Distro's equivalent).<br />
<br />
These *.conf files run in the Apache global context, so apply to all hosts.
</div>


Colin Brazier

Fractional CTO

David Favor

<div>
Thanks Chris, no errors are reported in Edge or Firefox and the fonts are being displayed as required in these as well as Chrome, so I'll ignore the warnings.<br><br>Col
</div>


<div>
@Chris is correct.<br />
<br />
You can only access content which you're allowed to access.<br />
<br />
This is the reason for CORS.<br />
<br />
If you don't own the site where content lives, you can't access it... well... in a browser...<br />
<br />
Since CORS is only browser enforced, it's fairly useless.<br />
<br />
If you'd like to access CORS blocked data, just use curl or wget or one of the many headless browsers (with JavaScript support), then just disable CORS on your side, to access the data.<br />
<br />
And... you still won't be able to do this in 1x step in a browser.<br />
<br />
You'll do this in 2x steps - Download data outside browser, then make data available through a Website you control for browsers.<br />
<br />
CORS is like... It's an &quot;advisory&quot; policy... rather than &quot;enforced/real&quot; policy.
</div>


<div>
<div class="content wysiwyg-content fr-view">
Hi all,<br><br>I am getting errors in the console similar to the below at <a href="https://www.fobgfc.org/" rel="ugc">https://www.fobgfc.org/</a>&nbsp;<br><br><em>Access to XMLHttpRequest at 'https://kit.fontawesome.com/6b3cd631e3.js' from origin 'https://www.fobgfc.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.</em><br><br><em>content_script.js:207 GET https://kit.fontawesome.com/6b3cd631e3.js net::ERR_FAILED</em><br><br>I am using Chrome. &nbsp;<br><br>In addition to font-awesome, the same errors are appearing with google analytics etc, but I have selected the font-awesome one for this question because it is the simplest to debug for me.<br><br>As far as I can work out, the font-awesome fonts are appearing as they should when they are required, so is this just a warning?<br><br>I have searched EE and found other CORS-related questions and answers but cannot apply them to my instance. &nbsp;<br><br>Any help much appreciated.<br><br>Colin<br><br><em>&nbsp;</em>
</div>
</div>



Hi all,
I am getting errors in the console similar to the below at
https://www.fobgfc.org/
 
Access to XMLHttpRequest at 'https://kit.fontawesome.com/6b3cd631e3.js' from origin 'https://www.fobgfc.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
content_script.js:207 GET https://kit.fontawesome.com/6b3cd631e3.js net::ERR_FAILED
I am using Chrome.  
In addition to font-awesome, the same errors are appearing with google analytics etc, but I have selected the font-awesome one for this question because it is the simplest to debug for me.
As far as I can work out, the font-awesome fonts are appearing as they should when they are required, so is this just a warning?
I have searched EE and found other CORS-related questions and answers but cannot apply them to my instance.  
Any help much appreciated.
Colin
 

How can I fix my CORS errors?

HTML (HyperText Markup Language) is the main markup language for creating web pages and other information to be displayed in a web browser, providing both the structure and content for what is sent from a web server through the use of tags. The current implementation of the HTML specification is HTML5.

HTML

Chrome is a free web browser created by Google. Originally released in 2008, it has grown to become the most used desktop web browser (as of October 2016).

Chrome

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.