Is your CDN returning the proper CORS headers? One way to test is with curl. Here’s a simple CORS request:
1 2 |
curl -H "Origin: http://acme.com/" \ --verbose cdn.acme.com/icons.woff |
You should get a successful response that includes and “Access-Control-Allow-Origin” header.
And here’s a pre-flight request:
1 2 3 4 |
curl -H "Origin: http://acme.com/" \ -H "Access-Control-Request-Method: POST" \ -H "Access-Control-Request-Headers: X-Requested-With" \ -X OPTIONS --verbose http://cdn.acme.com/icons.woff |
You should get a successful response that includes and “Access-Control-Allow-Origin”, “Access-Control-Allow-Methods”, and “Access-Control-Allow-Headers” headers.