3-Round-Stones / callimachus

Callimachus is a highly scalable platform for creating and running data-driven websites

Callimachus uses Access-Control-Allow-Origin headers incorrectly #253

Open edwardsph opened 8 years ago

edwardsph commented 8 years ago

If you specify 2 "Allowed origins" for a Callimachus instance it generates the following CORS headers:

Content-Security-Policy: connect-src http://origin1 http://origin2;form-action http://origin1 http://origin2;frame-ancestors http://origin1 http://origin2;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;
Access-Control-Allow-Origin: http://origin1 http://origin2

Chrome responds to this with the error: Font from origin 'http://origin1' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://origin1 http://origin2', but only one is allowed. Origin 'http://origin2' is therefore not allowed access.

See https://www.w3.org/TR/cors/#resource-implementation for a proposed workaround.
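The per-request approach the linked W3C section describes, as an added Python example (not Callimachus code, which is Java): the server keeps the allowlist, compares the request's Origin against it, and echoes back at most one origin together with Vary: Origin so shared caches never hand origin1's response to origin2. The allowlist entries are the placeholder origins from the report.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the two configured "Allowed origins".
ALLOWED_ORIGINS = frozenset({"http://origin1", "http://origin2"})


def normalize_origin(origin):
    """Canonicalise an Origin header value to scheme://host[:port], lower-case.

    Returns None for a missing header, the opaque value 'null', non-http(s)
    schemes, or anything carrying a path/query/fragment (a real Origin header
    never has those, so such values are treated as untrusted).
    """
    if not origin or origin == "null":
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Build the CORS response headers for one request.

    Instead of listing every allowed origin in one header (which browsers
    reject), exactly one origin is echoed, and only when it matches the
    allowlist after normalisation. 'Vary: Origin' is always emitted so the
    response is cached per requesting origin.
    """
    headers = {"Vary": "Origin"}
    allowed_norm = {normalize_origin(o) for o in allowed} - {None}
    origin = normalize_origin(request_origin)
    if origin in allowed_norm:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


if __name__ == "__main__":
    for o in ("http://origin1", "http://origin2", "http://origin1.example", None):
        print(o, "->", cors_headers(o))
```

A request from an origin that is not on the list simply gets no Access-Control-Allow-Origin header at all, which is the spec's way of denying access.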