Error in Content-Security-Policy v4


#1

hello, previously in version v3 used the following code:
“Content-Security-Policy” content = "default-src *;
img-src * ‘self’ data: https :; script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ *;
style-src ‘self’ ‘unsafe-inline’ *
now in v4 it does not work for me I get the following error:

efused to load the font 'data: application / font-woff; charset = utf-8; base64, d09GRgABAAAAAAucABAAAAAAFdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAALgAAAABkAAAAciVvo20dERUYAAAmwAAAAIwAAACQAdwBXR1BPUwAAC1AAAAAuAAAANuAY7 + xHU1VCAAAJ1AAAAXsAAANI9IT86E9TLzIAAAHcAAAASgAAAGBRKF + WY21hcAAAAnQAAACIAAABYt6F0cBjdnQgAAAC / AAAAAQAAAAEABEBRGdhc3AAAAmoAAAACAAAAAj // wADZ2x5ZgAAA4gAAAOZAAAITCn3I + 5oZWFkAAABbAAAADAAAAA2FHn / 62hoZWEAAAGcAAAAIAAAACQHggM3aG10eAAAAigAAABMAAABDCk9AApsb2NhAAADAAAAAIgAAACIN4I51G1heHAAAAG8AAAAHwAAACAAiQBLbmFtZQAAByQAAAFTAAAC1pgGDVZwb3 … UmUkQwHEIY1X9 + 7BGDvyOX0rMJZfwiDRuv6tPIGB2jawwwRXwDdzhEFmUOD3WuFjlXOTwUuSsijxssjPBlOFhGgQqf3cb8CLvKGEshl6GyjS7e8YEvfONHmWoNm4xRoG5dn3Jjng6xCnaRi2kiZ19xNaGIZ7bFOclD + D1mnuRwhrkYl9cVutifYALXy3 / GworuYiPMdQezE4xkcMoOjXvVUNL30sQ9rlmhrd2r / LJaU6MqH / q2uUpSiH8HM2O8YPIqDlil3LLDvB1mldNrPwOLevG2wyhy4oK9qtI / S2102xF / xEg5ugsS4NN8N3V25QFPeMM5e1AnU6Kz + JT4l8pPYrjLucFYTfbG1tEs9ijwbOmKIlQqumW / PCLR2zjmWw8Qv + Y0z1hcuTpu5Q / + XTUsAHjaY2BkYGDgYpBjMGFgzEksyWPgYGABijD8 / 88AkmEszqxKhYp9YIA DAMCOBtEAAHjaY2BgYGQAghsJmjlguvb + dhgNAEgzB6UAAAA = 'because it violates the following Content Security Policy directive: “default-src *”. Note that ‘font-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

Can somebody help me? Thank you!


#2

you need to add CSP to font-src