From 3ef90a9e47f8af7595506818d83f706624b56ff4 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 13 Aug 2021 20:37:42 +0200 Subject: [PATCH] Remove ineffective Access-Control-Allow-Origin header The Access-Control-Allow-Origin header has only relevance, when a resource is loaded from an external host, so one that does not match the host of the primary loaded website. As the fonts are reasonably loaded via local URLs without hostname or scheme from the blocking page style sheet, they are never seen as external resources, regardless whether the blocking page is shown to the browser from a blocked domain or from the Pi-hole domain/IP. For reference: https://github.com/pi-hole/pi-hole/issues/3462 Signed-off-by: MichaIng --- advanced/lighttpd.conf.debian | 5 ----- advanced/lighttpd.conf.fedora | 5 ----- 2 files changed, 10 deletions(-) diff --git a/advanced/lighttpd.conf.debian b/advanced/lighttpd.conf.debian index 9c892fc0..3ecd7213 100644 --- a/advanced/lighttpd.conf.debian +++ b/advanced/lighttpd.conf.debian @@ -78,11 +78,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore diff --git a/advanced/lighttpd.conf.fedora b/advanced/lighttpd.conf.fedora index aae4a6a4..5a99a9bf 100644 --- a/advanced/lighttpd.conf.fedora +++ b/advanced/lighttpd.conf.fedora @@ -86,11 +86,6 @@ $HTTP["url"] =~ "^/admin/" { "X-Pi-hole" => "The Pi-hole Web interface is working!", "X-Frame-Options" => "DENY" ) - - $HTTP["url"] =~ "\.(eot|otf|tt[cf]|woff2?)$" { - # Allow Block Page access to local fonts - setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" ) - } } # Block . files from being served, such as .git, .github, .gitignore