We've been using an instance of the Drupal 7 machine image. Recently we tried using Cloudfront's CDN to boost load times. It mostly worked, but with one odd exception: Attempting to serve WOFF2 (webfont) files would generate errors on the client side. from the Access-Control-Allow-Origin header.
Font from origin [server]' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://nova.spectracom.com' is therefore not allowed access.
No other resources on the site create this problem, including other font files like TTF and WOFF. We tried to fix this by editing the file /home/bitnami/apps/drupal/conf/htaccess.conf to allow Access-Control-Allow-Origin for woff2 files, but it did not help. It appears that something else in the Bitnami stack is interfering with cross-server use of woff2 files, but we cannot find what that would be.
In the short term, we simply blacklisted WOFF2 files from the CDN. We haven't found a solution to this; if we do I'll post it here. If anyone has any insight on this problem, please post it here.