Debugging a CORS header issue
Just wasted a bunch of time thinking that our static-rails gem was messing up CORS headers. Turned out that AWS Cloudfront just randomly choked on a handful of assets across our properties and the only way to fix it was to manually invalidate (read: cache-bust) them and force it to go and refetch them.
This particular font served by AWS cloudfront, when requested by Chrome, is not returning the CORS
The bad request:
This is the cURL command provided by right-click copy in Chrome devtools with
--verbose tacked on to see the header: