This is because Firefox (from your mention of Firebug) thinks cross-domain, even subdomain, Web font embedding is a bad idea.
You can convince it to load fonts from your subdomain by adding this to the top-level .htaccess
file of the subdomain where your fonts are being served (updated to adapt code from the same file in HTML5 Boilerplate):
<FilesMatch "\.(ttf|ttc|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
In response to this:
I would however like to set up a way that only I can have access to this repository of fonts but that’s another project.
The W3C spec for Access-Control-Allow-Origin
doesn’t say anything more than either a wildcard "*"
or a specific domain. So far, I’ve found this SO answer which suggests validating the Origin
header, but I think that’s a Firefox-only header. I’m not sure about other browsers (they don’t even need the .htaccess
trick above for cross-domain Web fonts to work).