C5.patreon.com is missing correct CORS header

Farbdose · January 31, 2018, 11:54pm

I just wanted to let you know that https://www.patreon.com/home is trying to load fonts from a content server that isn’t providing a correct CORS header, just in case nobody noticed:

From my error console when visiting the patreon home page:

Access to Font at 'https://c5.patreon.com/external/fonts/gt-america/GT-America-Standard-Regular.woff2' 
from origin 'https://www.patreon.com' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'https://www.patreon.com' is therefore not allowed access.

Not sure if this belongs here, but this site was the closest thing to an issue tracker I could find…

tal · February 1, 2018, 6:09pm

@Farbdose thank you for this! I’ve routed to the right teams internally and they will address it.

For future readers of this thread, our guidelines on security reporting can be found here:

Topic		Replies	Views
Authorize redirect missing Access-Control-Allow-Origin header Friendly Help	2	10	October 28, 2024
Is CORS still a security concern with the v2 API? API Feedback	5	949	June 23, 2020
CORS issue in Patreon API [SOLVED] Friendly Help	5	2545	November 7, 2017
Confused about CORS and login button Friendly Help	20	1048	December 3, 2022
Patreon not syncing and my host can't find an issue Wordpress Plugin	10	639	July 8, 2020

C5.patreon.com is missing correct CORS header

Related Topics