Why Can\'t I Use @font-face for Cross-Domain Font Embedding in Firefox?

Cross-Domain Font Embedding Issue with @font-face

Problem:

A developer is attempting to create a font repository on a subdomain and access the fonts from other websites using @font-face declarations. However, the fonts only work on the subdomain where they are hosted.

Answer:

The issue lies in Firefox's security mechanism. Firefox considers cross-domain web font embedding a potential security risk. To address this, users can add the following code to the top-level .htaccess file of the subdomain hosting the fonts:

<FilesMatch "\.(ttf|ttc|otf|eot|woff)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>

This code allows Firefox to load fonts from the subdomain, overriding its default security measure.

As for limiting access to the font repository, the W3C spec for Access-Control-Allow-Origin only supports wildcards or specific domains. There is no straightforward solution to restrict access only to the authorized user without using custom authentication mechanisms.

The above is the detailed content of Why Can\'t I Use @font-face for Cross-Domain Font Embedding in Firefox?. For more information, please follow other related articles on the PHP Chinese website!