C5.patreon.com is missing correct CORS header

Farbdose · January 31, 2018, 11:54pm

I just wanted to let you know that https://www.patreon.com/home is trying to load fonts from a content server that isn’t providing a correct CORS header, just in case nobody noticed:

From my error console when visiting the patreon home page:

Access to Font at 'https://c5.patreon.com/external/fonts/gt-america/GT-America-Standard-Regular.woff2' 
from origin 'https://www.patreon.com' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'https://www.patreon.com' is therefore not allowed access.

Not sure if this belongs here, but this site was the closest thing to an issue tracker I could find…

tal · February 1, 2018, 6:09pm

@Farbdose thank you for this! I’ve routed to the right teams internally and they will address it.

For future readers of this thread, our guidelines on security reporting can be found here:

Topic		Replies	Views
Small FYI: Enforcing HTTPS connections starting Feb 26 Friendly Help	0	579	January 29, 2018
Unblock me on patreon forum	2	661	January 12, 2021
Blocked IP and API Friendly Help	3	2009	February 18, 2018
Account disabled for 2 weeks - VPN? Friendly Help	2	1947	July 12, 2018
oAuth confirmation screen kinda ugly API Feedback	1	502	February 26, 2021

C5.patreon.com is missing correct CORS header

Related Topics