How to prevent/protect webfonts from being downloaded?

Is it possible to protect webfonts on render.com via the HTTP Headers section?

In PHP/Apache world I’ve used something like:

SetEnvIf Referer example.com localreferer

<FilesMatch .(eot|woff|woff2|ttf)$>
	Order deny,allow
	Deny from all
	Allow from env=localreferer

	FileETag None

	<ifModule mod_headers.c>
		Header unset ETag
		Header set Cache-Control "max-age=0, no-cache, must-revalidate"
		Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"

        SetEnvIf Origin "^http(s)?://(.+\.)?(example\.com)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
	</ifModule>
</FilesMatch>

Hi @fff ,

It sounds like you want to make sure a file is never served from your Render service, is that correct? If you’re using a static site, we will serve all files that you put in your publish directory (see our docs at Free Static Site Hosting | Render). You can customize this a bit with redirects and rewrites (URL Redirects and Rewrites | Render), but I think it’s better to just never publish those files.

If your build step is currently generating those files, you may be able to edit your build script to delete all of the .eot, .wof, .woff2, and .ttf files before finishing.

No, that’s not what I wanted. The script above is from the LAMP-Stack-World and prevents every request from downloading the webfonts except requests from (in this case) example.com.

So I want my webfonts only to be used by the website itself. This is the common way to protect self-hosted webfonts.

Any ideas?

@fff I think you need the ability to set a response header only if a request header has a certain value.

Render supports setting response headers (Static Site Headers | Render · Cloud Hosting for Developers), but you can only vary them based on path, not based on request header.

You might want to open a feature request at Feature Requests | Render