Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • June 9, 2018 at 4:17 pm #970444
    Pako

    Hi,

    i uploaded the font open-Sans to my server with your import option in the themes. Then i activated the font in the settings.

    Then i set a CSP policy that fonts have to be loaded only from local storage (‘self’).

    In Safari i get an error in the webconsole to any page:

    Refused to load data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGYMAA4AAAAAowAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABRAAAABwAAAAcckwii0dERUYAAAFgAAAAHwAAACABMwAET1MvMgAAAYAAAABAAAAAYJYFacxjbWFwAAABwAAAAUEAAAKi6kAXkmdhc3AAAAMEAAAACAAAAAj//wADZ2x5ZgAAAwwAAFnuAACMgOFsk4doZWFkAABc/AAAAC4AAAA2DP0UgmhoZWEAAF0sAAAAGgAAACQPogeuaG10eAAAXUgAAAEHAAACFodAcgtsb2NhAABeUAAAAg4AAAIO/oLadm1heHAAAGBgAAAAHwAAACABWQC1bmFtZQAAYIAAAAGbAAADVi8qdoNwb3N0AABiHAAAA+cAAApGwPo//ndlYmYAAGYEAAAABgAAAAayr1bhAAAAAQAAAADMPaLPAAAAANMHHI4AAAA…9ztdmYrdl7b3JHyR0ld5TcUarkuafknpJ7Su4puafknpJ7Su4puaeU5Lmr5K6Su0ruKrmr5K5Slue+kvtK7iu5r+S+UpbnzpI7S+4sua9sf7mn7302ixlmbTZma/Zysz1me8z2mO0x22O2x2yP2R6zPWZ7zPaY7THbY7bHbI/ZHrM9ZnvM9pjtMdtjtsdsj9kesz1me8z2mO0x22O2x2yPWV9zX5/6mos8vc1Fnv5m/c2ll1d8X/reR49ZmcnMZjHDrM3GlKPnpfa8nhc9L3pe9LzoedHzouelkaPvRd+Lvhd9L/pe9L3oe9H3ou9F34u+F30v+l70veh7aeW18lp5rbyOvI68jryOvI68jryOvI68jrxOLy/8fgn9CP0I/Qj9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQi9CL0IvQh9CH0IfQh9CH0IfQg9CD0IPQg9CPcf7j9K8y+BQLz/AAABVuGyrgAA because it does not appear in the font-src directive of the Content Security Policy.

    So the theme try to load a font again from another source then mine…

    How can we fix it?

    Firefox: Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf data:application/font-woff;charset=utf-8… blockiert (“font-src”).

    My htaccess:

    Header set Content-Security-Policy “default-src ‘self’; frame-src ‘self’; font-src ‘self’; img-src *; script-src ‘unsafe-inline’ ‘unsafe-eval’ https: *; style-src ‘self’ ‘unsafe-inline’ https: *; media-src ‘self’ https://www.youtube.com/; form-action ‘self’;”

    FIXED:

    data: musst be declared on CSP

    Header set Content-Security-Policy “default-src ‘self’; frame-src ‘self’; font-src ‘self’ data:; img-src *; script-src ‘unsafe-inline’ ‘unsafe-eval’ https: *; style-src ‘self’ ‘unsafe-inline’ https: *; media-src ‘self’ https://www.youtube.com/; form-action ‘self’;”

    • This topic was modified 6 years, 5 months ago by Pako.
    June 10, 2018 at 7:56 am #970655
    Rikard

    Hey Pako,

    Great, glad you found a solution and thanks for sharing. Please let us know if you should need any further help on the topic or if we can close it.

    Best regards,
    Rikard

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.