ericallam
commented
10 years ago I'd be happy to accept a PR and test case for this change. Send it along and I'll take a look :)
Open will-r opened 10 years ago
ericallam
commented
10 years ago I'd be happy to accept a PR and test case for this change. Send it along and I'll take a look :)
bradleypriest
commented
7 years ago For future readers, this has been fixed in https://github.com/ericallam/font_assets/pull/27
This is a very nice fix but I can't use it because it catches all OPTIONS requests, not just those for font files.
We have a lot of other CORS requests coming into this service and many include credentials. In that case you can't give access to '*' but have to specify domains. Like everyone else we evade this protection by reflecting back the requesting domain. Font_assets intercepts the options request is before it gets to our controller, so this hack can't be applied.
The problem goes away if you omit the economical shortcut for preflight requests and allow them to go through the same if-font-then-headers routine as the main request. I'd be happy to prepare a PR and test case if that's an acceptable solution for you.