CORS headers for

Would it be possible to enable CORS headers on
A number of CSSCSS CSS is an acronym for cascading style sheets. This is what controls the design or look and feel of a site./JS features require accessing images/svg/fonts via a fetch request, and currently they’ll be blocked due to a cross-origin request. That means we can’t serve svgs, fonts, and some CSS/JS files from the CDN and instead use

I assume these headers would suffice, which conveniently matches‘s headers, so I assume would be safe for us to do.

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *

If we need to limit it to certain filetypes, images (.svg, .png, .jpg), fonts (.woff2 .woff, .ttf, .eot) and styles/scripts (.css, .js) would probably suffice, but I don’t think there’s any security requirement to do so given the contents of this CDN are static non-cookied non-modifying responses?

Existing cached assets should be fine to be left as-is without the headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes..

Let me know if there’s any questions or concerns.

#crossorigin #cdn #prio3