CMS deployments are missing assets due to CORS error

[alexgibson]

Description

The CMS deployments (for editing/publishing) are not loading bedrock's web fonts due to a CORS error.

https://dev.cms.bedrock.nonprod.webservices.mozgcp.net/en-US/about/leadership/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www-dev.allizom.org/media/protocol/fonts/ZillaSlab-Bold.be1d6507cb98.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www-dev.allizom.org/media/protocol/fonts/Inter-Regular.1a7f90ff1f1e.woff. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

downloadable font: download failed (font-family: "Zilla Slab" style:normal weight:700 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://www-dev.allizom.org/media/protocol/fonts/ZillaSlab-Bold.be1d6507cb98.woff

downloadable font: download failed (font-family: "Inter" style:normal weight:400 stretch:100 src index:1): bad URI or cross-site access not allowed source: https://www-dev.allizom.org/media/protocol/fonts/Inter-Regular.1a7f90ff1f1e.woff

[stevejalim]

This is now also blocking us from loading the JS we need to share drafts

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www-dev.allizom.org/media/wagtaildraftsharing/js/wagtaildraftsharing_controller.43684bb77729.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

[stevejalim]

Given that SRE is in-flight updating CDN providers for us, I think i'll defer this to @bkochendorfer whenever he's around - let's Slack about this, Brett.

[stevejalim]

This is fixed on Dev but still needs addressing on Stage and Prod

[stevejalim]

@alexgibson This looks fixed to me on Dev, Stage and Prod for the CMS deployment, thanks to @bkochendorfer