CORS error when trying to fetch font files from the customized login page

Problem statement

We use a customized login page that fetches font files from a third-party URL. However, the fonts are not displayed on the login page, and I see a CORS issue in the browser console.

“Access to font at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”


You can use the browser’s developer tools to observe the network requests and the errors.


The issue is caused by the ‘Access-Control-Allow-Origin’ header having incorrect domains or not having the header.


The issue should be fixed on your application server or the file server where you’re fetching the font files. Please make sure the server sends the correct “Access-Control-Allow-Origin” header information in the response.
To learn more about this error, please refer to: Reason: CORS header 'Access-Control-Allow-Origin' missing - HTTP | MDN.

For example, you can configure the server to send the following header.

Access-Control-Allow-Origin: https://<my-tenant>


Access-Control-Allow-Origin: *
1 Like