On Sep 17, 2014 8:02 PM, "Michael Niedermayer" <michae...@gmx.at> wrote: > > On Wed, Sep 17, 2014 at 07:16:30PM -0700, Daniel Verkamp wrote: > > On Wed, Sep 17, 2014 at 12:59 PM, Michael Niedermayer <michae...@gmx.at> wrote: > > > On Wed, Sep 17, 2014 at 11:33:32AM -0700, Daniel Verkamp wrote: > > >> Hi FFmpeg web folks, > > >> > > >> When visiting http://fate.ffmpeg.org/ using a browser that enforces > > >> CORS[1], loading the FontAwesome icon font causes this error: > > >> > > >> Font from origin 'https://ffmpeg.org' has been blocked from loading > > >> by Cross-Origin Resource Sharing policy: No > > >> 'Access-Control-Allow-Origin' header is present on the requested > > >> resource. Origin 'http://fate.ffmpeg.org' is therefore not allowed > > >> access. > > [...] > > > > > > as you seem to know this / have researched it already > > > can you post what i need to add to httpd.conf to make this work ? > > > > Something like this (untested) should work: > > > > > <Location /fonts/> > > Header set Access-Control-Allow-Origin "*" > > </Location>
I think only allowing *.ffmpeg.org is safer from a security PoV. I am already aware of this problem when I wrote the patch that changed the behavior. See http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2014-July/160502.html Timothy _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
