Access-Control header problem with MathJax_Main-Regular.woff?

[Murray]

Hi

In IE 11 and Firefox 30.0, I'm seeing a long delay, then the message about using image fonts. Chrome and Opera are fine.

The console message in IE is:

@font-face failed cross-origin request. Resource access is restricted.
File: MathJax_Main-Regular.woff

This appears to be only happening for this font and for anywhere I try it (including Mathjax.org home page).

The message in Chrome for this font (none of the others) is

Blink is considering rejecting non spec-compliant cross-origin web font requests: http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2. Please use Access-Control-Allow-Origin to make these requests spec-compliant.

The other fonts have the "Access-Control-Allow-Origin:

*" header, but MathJax_Main-Regular.woff does not appear to have that line in its header.

I've checked all settings, cleared cache and closed browsers, but it persists.

Could you please check this out.

Thanks a lot.

Murray

[Peter Krautzberger]

Hi Murray,

I'm not seeing this. Could you run

$ curl -I http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2

and share the output?

For comparison, below is the result from my machine. As you can see, the header is set correctly.

Regards,

Peter.

$ curl -I http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2

HTTP/1.1 200 OK

Server: cloudflare-nginx

Date: Thu, 24 Jul 2014 13:16:21 GMT

Content-Type: application/font-woff

Content-Length: 34160

Connection: keep-alive

Set-Cookie: __cfduid=d4748b1c0d9eeef3a54f80989b5d506651406207781342; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.mathjax.org; HttpOnly

Expires: Mon, 26 Jan 2015 13:16:21 GMT

Last-Modified: Thu, 24 Apr 2014 20:09:02 GMT

ETag: "f683cc665372d2c310b1ec5b04821c89"

x-goog-generation: 1398370142666000

x-goog-metageneration: 4

x-goog-stored-content-encoding: identity

x-goog-stored-content-length: 34160

x-goog-meta-content-language: en

x-goog-hash: crc32c=Zpe9OQ==

x-goog-hash: md5=9oPMZlNy0sMQsexbBIIciQ==

x-goog-storage-class: STANDARD

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

Access-Control-Expose-Headers: *, Content-Length, Date, Server, Transfer-Encoding

Cache-Control: public, max-age=16070400

Age: 20

Alternate-Protocol: 80:quic

CF-Cache-Status: HIT

Accept-Ranges: bytes

CF-RAY: 14f06449681f073d-AMS

 

--
You received this message because you are subscribed to the Google Groups "MathJax Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mathjax-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Murray]

Hi Peter

I'm still seeing the same problems with loading Web fonts. Now it involves other fonts as well.

In FF's Net console, I get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2. This can be fixed by moving the resource to the same domain or enabling CORS.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Math-Italic.woff?rev=2.4-beta-2. This can be fixed by moving the resource to the same domain or enabling CORS.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/otf/MathJax_Main-Regular.otf?rev=2.4-beta-2. This can be fixed by moving the resource to the same domain or enabling CORS.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/otf/MathJax_Math-Italic.otf?rev=2.4-beta-2. This can be fixed by moving the resource to the same domain or enabling CORS.

The FF headers show (for example, for 

http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2):

Connection	keep-alive
Content-Encoding	gzip
Content-Length	34181
Content-Type	application/font-woff
Date	Thu, 07 Aug 2014 01:29:45 GMT
Etag	"f683cc665372d2c310b1ec5b04821c89"
Expires	Sun, 08 Feb 2015 01:23:56 GMT

Last-Modified

Thu, 24 Apr 2014 20:09:02 GMT

Server	cloudflare-nginx
X-Cache	HIT from AN-TS-CCACHE-CE10:8080
X-Cache-Debug	TCP_HIT/RIDXGZ/file:/cache9/vb/hfh/rnl5o/ocap7jsvb47cz2qq

In IE, often (always?) the italic font does not load, and it messes up the image fonts that are subsequently displayed. I get non-italic, for example on this page: http://www.intmath.com/integration/4-definite-integral.php

Here's a screen shot:

I have tested it in other locations, with other laptops, but still see the same problem. I have cleared cache. I see the same problem on mathjax.org and mathjax.com.

I have also tested the same pages in WebPageTest in various global locations, and I can see (from the recorded video) that other locations see what you see - everything is OK.

But choosing the Singapore option in WebPageTest shows MathJax not loading at all. Here's the outcome for Mathjax.org: (screen grab from the video)

So it leads me back to what I suggested before - there seems to be an issue with the CDN server closest to me (in Singapore). It does not appear to be setting the headers properly - or indeed, loading Mathjax at all in some cases.

Any help would be appreciated.

Regards

Murray

[Peter Krautzberger]

 Hi Murray,

I've tested the headers via a proxy in Singapore and they are ok (see below).

I'm not sure where the error you're seeing might come from but it seems CloudFlare is working correctly.

Best regards,

Peter.

HTTP/1.0 200 OK

Date: Mon, 11 Aug 2014 12:18:30 GMT

Content-Type: application/font-woff

Content-Length: 34160

Set-Cookie: __cfduid=dd1288a7d940589bec46fea1d7391f5611407759510864; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.mathjax.org; HttpOnly

Cache-Control: public, max-age=16070400

Expires: Fri, 13 Feb 2015 12:18:30 GMT

Last-Modified: Thu, 24 Apr 2014 20:09:02 GMT

ETag: "f683cc665372d2c310b1ec5b04821c89"

x-goog-generation: 1398370142666000

x-goog-metageneration: 4

x-goog-stored-content-encoding: identity

x-goog-stored-content-length: 34160

x-goog-meta-content-language: en

x-goog-hash: crc32c=Zpe9OQ==

x-goog-hash: md5=9oPMZlNy0sMQsexbBIIciQ==

x-goog-storage-class: STANDARD

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

Access-Control-Expose-Headers: *

Alternate-Protocol: 80:quic

CF-Cache-Status: HIT

Accept-Ranges: bytes

Server: cloudflare-nginx

CF-RAY: 1584604ee8641129-SIN

X-Cache: MISS from sv-heri16.co.id

X-Cache-Lookup: MISS from sv-heri16.co.id:80

Via: 1.0 sv-heri16.co.id (squid/3.1.10)

Connection: close

[Murray]

Hello Peter

Thanks for your reply. It doesn't make sense, as I'm in Singapore and have faced this problem for some time now.

My screen shot of WebPageTest showed that there was indeed a problem when accessing from a Singapore IP.

But I appear to have solved my problem - and it may give you some insight into the issue (or not).

For my own site. I have always accessed the CDN via http, but tried https just now. IE and FF now load like a charm, and there are no longer messages appearing in Chrome's console like this one:

"Blink is considering rejecting non spec-compliant cross-origin web font requests: http://cdn.mathjax.org/mathjax/latest/fonts/HTML-CSS/TeX/woff/MathJax_Main-Regular.woff?rev=2.4-beta-2. Please use Access-Control-Allow-Origin to make these requests spec-compliant."

So - happy day.

Thanks again for looking into this. I do believe there is still a problem somewhere.

Regards

Murray