Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CSP allow specific: data:font/woff;base64,"someBase64encoded font", WITHOUT using csp: font-src 'self' data:

Tags:

css

base64

fonts

content-security-policy

Have a few embed base64 fonts in some css files, but CSP blocks these: something like url("data:font/woff;base64,d09GRk9UVE...);

Current CSP = "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';"

W3 and MDN say I could add a hash, but this doesn't seem to work either

tried sha256,sha384,sha512

like image 437
Rune Jørgensen Avatar asked Sep 14 '18 08:09

Rune Jørgensen

1 Answers

Add data:to font-source, e.g.

font-src 'self' data:;
like image 96
solitud Avatar answered Nov 03 '22 10:11

solitud
Sign in to Comment

Related questions

slick grid header row cell alignment
Can you use Jekyll page variables in a layout?
Allow images in a <div> to be wider than lines of text in the same <div>
animating jQuery Ui position()
"0" vs "none" as css attribute value
CSS: :last-child on list item
What is a scaled image and how do I serve one in a webpage?
CSS decrease space between text and border
I Want my Label to Vertically Align With my Input Field
Overlapping Text in CSS - How do I change it?
QT - CSS: decoration on focus
How to use 100% CSS background-image with scrolling content?
css/Less calc() method is crashing my IE10
Bootstrap 3 Modal Position
My background image get cut off at the bottom
Fade out animation when ng-if = false
Bootstrap 4 align elements right inside a col div
Fixed margin and VW (viewport width) units conflict
Underline animation on click
Bootstrap 4: Footer not at bottom

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!