If you don’t have mod_headers enabled you can enabled it with
sudo a2enmod headers
And then in your VirtualHost or .htaccess
# Allow access from all domains for webfonts.
# Alternatively you could only whitelist your
# subdomains like "subdomain.example.com".
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css|woff2)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>