Skip to content

Allowing WOFF fonts to be accessed from other domains (CORS)

Jump to bottom Edit New page
Rehno Lindeque edited this page Mar 29, 2014 · 6 revisions

Update

There's now some middleware available on hackage to help with CORS: http://hackage.haskell.org/package/wai-cors-0.1.1

WOFF fonts may not be accessed from other domains by default. That means that your page at http://www.example.com/ may not access a font http://static.example.com/font.woff. The solution is to add a CORS header to the WOFF font allowing it to be used from other domains.

A simple way of doing so is by rewriting all responses whose Content-type is application/font-woff in order to include the CORS header. You may do so using the following simple WAI middleware:

-- | Add a permissive CORS header to WOFF files.
--
-- Written for wai-1.4.0 and http-types-0.8.0 but may work on
-- many previous or next versions.
addCORStoWOFF :: W.Middleware
addCORStoWOFF app = fmap updateHeaders . app
  where
    updateHeaders (W.ResponseFile    status headers fp mpart) = W.ResponseFile    status (new headers) fp mpart
    updateHeaders (W.ResponseBuilder status headers builder)  = W.ResponseBuilder status (new headers) builder
    updateHeaders (W.ResponseSource  status headers src)      = W.ResponseSource  status (new headers) src
    new headers | woff      = cors : headers
                | otherwise =        headers
      where woff = lookup HT.hContentType headers == Just "application/font-woff"
            cors = ("Access-Control-Allow-Origin", "*")
Add a custom footer
Add a custom sidebar
Clone this wiki locally