Implementing Access Control Domain Restrictions for Web Fonts
As stated in the IDAutomation License Agreement, the use of IDAutomation Web Fonts such as WOFF fonts on a publicly accessible website must be limited to the intended domain(s) by enabling domain restrictions within the publicly accessible fonts or web server. IDAutomation does not directly support the implementation of domain limitations; they are supported by the organizations that provide the associated web servers or by the organizations that make the font specifications. However, the implementation examples below may be used for testing in your environment.
Webserver Limitation Methods:
Webserver | Implementation Example |
Apache | Add the following to the htaccess file
in the folder where the font files reside on the webserver and
change "www.yourdomain.com"
to the appropriate domain:<FilesMatch "\.(ttf|otf|eot|woff)$"> <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "https://www.yourdomain.com/" </IfModule> </FilesMatch> Within the @font-face declaration, provide the full absolute URL of the fonts. For example: @font-face { font-family: IDAutomationHC39M; src: url(https://www.yourdomain.com/woff-fonts/IDAutomationHC39M.woff); } Additionally, multiple domains may be specified: Access-Control-Allow-Origin "https://www.yourdomain.com,https://www.bcgen.com" |
IIS | Add the following to the web.config file
in the folder where the font files reside on the webserver and
change "www.yourdomain.com"
to the appropriate domain:
IIS6:
IIS7 and Greater:
This should add Access-Control-Allow-Origin to the customHeaders section of the web.config as in the example below: <system.webServer> <httpProtocol> <customHeaders> <add name="X-Frame-Options" value="SAMEORIGIN" /> <add name="Access-Control-Allow-Origin" value="www.yourdomain.com" /> </customHeaders> </httpProtocol> </system.webServer>
|
Code Limitation Methods:
Code Type | Implementation Example |
PHP |
<?php header("Access-Control-Allow-Origin: www.yourdomain.com"; ... ?> |
ASP.NET |
Response.AppendHeader("Access-Control-Allow-Origin", "www.yourdomain.com"); |
Font Limitation Methods:
Font Type | Implementation Example |
EOT | The Microsoft Web Embedding Fonts Tool (WEFT) can be used to set access restrictions to domains. However, this app is no longer available for download from the Microsoft Typography Site. |