On Wed, Sep 17, 2014 at 08:49:06PM -0700, Timothy Gu wrote: > On Sep 17, 2014 8:02 PM, "Michael Niedermayer" <michae...@gmx.at> wrote: > > > > On Wed, Sep 17, 2014 at 07:16:30PM -0700, Daniel Verkamp wrote: > > > On Wed, Sep 17, 2014 at 12:59 PM, Michael Niedermayer <michae...@gmx.at> > wrote: > > > > On Wed, Sep 17, 2014 at 11:33:32AM -0700, Daniel Verkamp wrote: > > > >> Hi FFmpeg web folks, > > > >> > > > >> When visiting http://fate.ffmpeg.org/ using a browser that enforces > > > >> CORS[1], loading the FontAwesome icon font causes this error: > > > >> > > > >> Font from origin 'https://ffmpeg.org' has been blocked from loading > > > >> by Cross-Origin Resource Sharing policy: No > > > >> 'Access-Control-Allow-Origin' header is present on the requested > > > >> resource. Origin 'http://fate.ffmpeg.org' is therefore not allowed > > > >> access. > > > [...] > > > > > > > > as you seem to know this / have researched it already > > > > can you post what i need to add to httpd.conf to make this work ? > > > > > > Something like this (untested) should work: > > > > > > > > <Location /fonts/> > > > Header set Access-Control-Allow-Origin "*" > > > </Location> > > I think only allowing *.ffmpeg.org is safer from a security PoV. I am > already aware of this problem when I wrote the patch that changed the > behavior. See > http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2014-July/160502.html
iam happy to change it if you provide something better that i can copy and paste into httpd.conf Note, http://www.w3.org/TR/cors/#access-control-allow-origin-response-header says: In practice the origin-list-or-null production is more constrained. Rather than allowing a space-separated list of origins, it is either a single origin or the string "null". also: http://tools.ietf.org/html/rfc6454#section-7.1 serialized-origin = scheme "://" host [ ":" port ] ; <scheme>, <host>, <port> from RFC 3986 so i think there needs to be http & https entries at least for all domains [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I know you won't believe me, but the highest form of Human Excellence is to question oneself and others. -- Socrates
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
