[FFmpeg-devel] Cross-origin resource error on fate.ffmpeg.org

Daniel Verkamp daniel at drv.nu
Wed Sep 17 20:33:32 CEST 2014

Hi FFmpeg web folks,

When visiting http://fate.ffmpeg.org/ using a browser that enforces
CORS[1], loading the FontAwesome icon font causes this error:

  Font from origin 'https://ffmpeg.org' has been blocked from loading
by Cross-Origin Resource Sharing policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://fate.ffmpeg.org' is therefore not allowed

The fateserver commit that introduced this (b74b380b) includes this change:

> diff --git a/index.cgi b/index.cgi
> index 7204591..105cb86 100755
> --- a/index.cgi
> +++ b/index.cgi
> [...]
>  print "Content-type: text/html\r\n";
> +print "Access-Control-Allow-Origin: https://ffmpeg.org\r\n";

However, this won't help, since the Access-Control-Allow-Origin header
needs to be on the requested resource (in this case,
fontawesome-webfont.*), not the requester.

To make fate.ffmpeg.org work correctly, the above header would need to
be added to the web server configuration for the files in
ffmpeg.org/fonts with http://fate.ffmpeg.org (or *) as the allowed

When testing, be sure to start with a fresh session (e.g. incognito
window in Chrome) - if you visit ffmpeg.org first, the font will be
cached and the icons on fate.ffmpeg.org will work by accident.

-- Daniel

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

More information about the ffmpeg-devel mailing list