In your particular case the issue seem to be with accessing the site from non-canonical url (www.site.com vs. site.com).
Instead of fixing CORS issue (which may require writing proxy to server fonts with proper CORS headers depending on service provider) you can normalize your Urls to always server content on canonical Url and simply redirect if one requests page without "www.".
Alternatively you can upload fonts to different server/CDN that is known to have CORS headers configured or you can easily do so.