C5.patreon.com is missing correct CORS header


#1

I just wanted to let you know that https://www.patreon.com/home is trying to load fonts from a content server that isn’t providing a correct CORS header, just in case nobody noticed:

From my error console when visiting the patreon home page:

Access to Font at 'https://c5.patreon.com/external/fonts/gt-america/GT-America-Standard-Regular.woff2' 
from origin 'https://www.patreon.com' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'https://www.patreon.com' is therefore not allowed access.

Not sure if this belongs here, but this site was the closest thing to an issue tracker I could find…


#2

@Farbdose thank you for this! I’ve routed to the right teams internally and they will address it.

For future readers of this thread, our guidelines on security reporting can be found here: