[FFmpeg-devel] Cross-origin resource error on fate.ffmpeg.org

Timothy Gu timothygu99 at gmail.com
Thu Sep 18 05:49:06 CEST 2014


On Sep 17, 2014 8:02 PM, "Michael Niedermayer" <michaelni at gmx.at> wrote:
>
> On Wed, Sep 17, 2014 at 07:16:30PM -0700, Daniel Verkamp wrote:
> > On Wed, Sep 17, 2014 at 12:59 PM, Michael Niedermayer <michaelni at gmx.at>
wrote:
> > > On Wed, Sep 17, 2014 at 11:33:32AM -0700, Daniel Verkamp wrote:
> > >> Hi FFmpeg web folks,
> > >>
> > >> When visiting http://fate.ffmpeg.org/ using a browser that enforces
> > >> CORS[1], loading the FontAwesome icon font causes this error:
> > >>
> > >>   Font from origin 'https://ffmpeg.org' has been blocked from loading
> > >> by Cross-Origin Resource Sharing policy: No
> > >> 'Access-Control-Allow-Origin' header is present on the requested
> > >> resource. Origin 'http://fate.ffmpeg.org' is therefore not allowed
> > >> access.
> > [...]
> > >
> > > as you seem to know this / have researched it already
> > > can you post what i need to add to httpd.conf to make this work ?
> >
> > Something like this (untested) should work:
> >
>
> > <Location /fonts/>
> >   Header set Access-Control-Allow-Origin "*"
> > </Location>

I think only allowing *.ffmpeg.org is safer from a security PoV. I am
already aware of this problem when I wrote the patch that changed the
behavior. See
http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/2014-July/160502.html

Timothy


More information about the ffmpeg-devel mailing list