No ‘Access-Control-Allow-Origin’ header is present on the requested resource

Hi there. (below you can see the error, that i get in ‘console browser’)

for your ref. I use OpenLiteSpeed, DirectAdmin and Cloudflare on my wordpress website.

I have issues with the CORS Policy, and not sure if this is server (openlitespeed or directadmin) related or your plugin as it set a lot of security settings.

I’m running wordpress on my server
I made a subdomain for all media files so new uploads will load from a subdomain (wp-admin/options.php) (https://www.webnots.com/move-wordpress-images-folder-to-subdomain/)

Upload _path = cdn/v
upload_url_path = https://cdn.mydomain.com/v

Everything went smoothly, but suddenly weeks later custom fonts or new custom fonts are not working anymore that are stored locally on my server on the subdomain…

Access to font at ‘https://cdn.mydomain.com/…/roboto–v30-normal-700.woff2…’ from origin ‘https://www.mydomain.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

On the subdomain i made a .htaccess file in it, but still doesn’t work? What do I forget? Or do i need to change something in directadmin or here in cloudflare, that maybe has been changed since the last time?

on the subdomain i put this htaccess file with this in it (but doens’t work):

# BEGIN CORS
<IfModule mod_headers.c>
<FilesMatch ".(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule># END CORS

Cross-Origin Request Blocked: The Same Origin Policy does not allow reading the remote source at . (Reason: CORS header 'Access-Control-Allow-Origin' is missing). Status code: 200.