# CORS only for mozilla domains SetEnvIf Origin "https?://(.*.mozilla.(com|org|net))" CORS=$0 Header set Access-Control-Allow-Origin %{CORS}e env=CORS # block hotlinking by referer to .woff, .eof, .ttf files except mozilla domains RewriteCond "%{HTTP_REFERER}" "!https?://.*.mozilla.(com|org|net)/.*$" RewriteRule .(woff|eot|ttf)$ - [F,NC,L,E=!CORS] <FilesMatch ".(ttf|woff|eot)$"> Header append vary "Origin" ExpiresActive On ExpiresDefault "access plus 1 year" </FilesMatch>
AdrianGaudebert/kitsune/master/static/fonts/.htaccess
