From 5950b04c40e3ab46cad341f5bdf4f0d4b763d5e6 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Sun, 9 Jul 2017 14:11:44 +0200
Subject: [PATCH] Add allow-origin header for media requests from same origin
 to fix css font support

---
 src/Ui/UiRequest.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 534b5696..6402c7b8 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -190,7 +190,8 @@ class UiRequest(object):
         headers.append(("Connection", "Keep-Alive"))
         headers.append(("Keep-Alive", "max=25, timeout=30"))
         headers.append(("X-Frame-Options", "SAMEORIGIN"))
-        # headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts"))  # Only local connections
+        if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()):
+           headers.append(("Access-Control-Allow-Origin", "*"))  # Allow load font files from css
         if self.env["REQUEST_METHOD"] == "OPTIONS":
             # Allow json access
             headers.append(("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Cookie"))
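Review bot: The `Access-Control-Allow-Origin: *` added under the new `if` makes the response readable by every origin, yet the condition gating it is the Referer header, which browsers do not use to enforce CORS, and nothing in the response records that it was Referer-dependent. If any cache sits between the client and this handler, a response stored with the wildcard could later be served to a request that would not have passed `isSameOrigin`, so I would add `headers.append(("Vary", "Referer"))` in the same branch, or return the specific requesting origin instead of `*` if the callers allow it. The test `content_type != "text/html"` is an exact string comparison, so a value such as `text/html; charset=utf-8` (whether callers pass one is not visible here) would still receive the header. The body of the `if` is also indented three spaces rather than the file's four. The enclosing method starts and ends outside the hunk.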