Content Security Policy - loading WOFF fonts

PPetree · December 13, 2019, 4:40pm

In regards to the fonts, my CSP is set as follows:

font-src 'self' https://fonts.gstatic.com/;

When I load the page I get the following error:

    Refused to load the font 'data:application/font-woff;charset=utf-8;base64, 
    [snip]
    because it violates the following Content Security Policy directive: "font-src 'self' https://fonts.gstatic.com/".

I checked the forums and found this page but it doesn’t provide any information beyond what I’m already doing so what am I missing?

Thanks!

pvtallulah · December 13, 2019, 5:03pm

Try with

font-src 'self' data:;

PPetree · December 13, 2019, 5:20pm

That was perfect! Thanks!
(only 3 more issues to resolve before moving forward with the port!)