How to set font-face data: in a Content Security Policy meta tag?

Question

I am using a very small embedded font in a CSS file like so:

@font-face {
    font-family: 'fontello';
    src: url('data:application/octet-stream;base64,...');
}

But upon loading the page in Chrome, I get this error in the console, and the font is not loading.

Refused to load the font 'data:application/octet-stream;base64,...' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

I am using the following meta tags:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
<meta http-equiv="X-Content-Security-Policy" content="default-src 'self'; font-src data:" />
<meta http-equiv="X-WebKit-CSP" content="default-src 'self'; font-src data:" />

I did some research on CSP and the meta tags I've added seem like they should work, but so far nothing has changed. I explicity set font-src and yet the error message say that I haven't. What am I doing wrong?

Answer 1

eject this snippet within the head, if you set font explicitly or you can play with "font-src".

<meta http-equiv="Content-Security-Policy" content="font-src 
https://* data:;" />