问一个关于 segmentfault javascript 加载的问题

用chrome浏览器访问segmentfault，几乎所有javascript都失效，查看加载信息，如下所示：

Script from origin 'https://dfnjy7g2qaazm.cloudfront.net' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://segmentfault.com' is therefore not allowed access.

调查了一下（非义务，纯好奇），似乎把静态文件放在AWS上要做些设置：

http://stackoverflow.com/questions/25577981/font-from-origin-has-been-blocked-from-loading-by-cross-origin-resource-sharing

或者在Nginx服务器加配置：

location ~* \.(eot|ttf|woff)$ {
   add_header Access-Control-Allow-Origin '*';
}

或者在AWS上配置:

http://stackoverflow.com/questions/12229844/amazon-s3-cors-cross-origin-resource-sharing-and-firefox-cross-domain-font-loa

关于Cross-Origin Resource Sharing

https://www.w3.org/TR/cors/#access-control-request-headers-request-header

大家说哪种办法好呢？