CSP allow specific: data:font/woff;base64,"someBase64encoded font", WITHOUT using csp: font-src 'self' data:

Tags:

Have a few embed base64 fonts in some css files, but CSP blocks these: something like url("data:font/woff;base64,d09GRk9UVE...);

Current CSP = "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';"

W3 and MDN say I could add a hash, but this doesn't seem to work either

tried sha256,sha384,sha512

437

asked Sep 14 '18 08:09

Rune Jørgensen

1 Answers

Add data:to font-source, e.g.

font-src 'self' data:;

answered Nov 03 '22 10:11

solitud

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

CSP allow specific: data:font/woff;base64,"someBase64encoded font", WITHOUT using csp: font-src 'self' data:

Tags:

css

base64

fonts

content-security-policy

Rune Jørgensen

1 Answers

solitud

Related questions

Recent Activity

Donate For Us