Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

magento2 - Magento 2.4.1: How to resolve [Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive:

With a custom module, I am trying to resolve the content security policy warnings. I'm not sure under which policy should I place the URLS reported by Refused to connect to.

Pleae guide me as to how it needs to handled in csp_whitelist.xml. Below is a real example from our store.

[Report Only] Refused to load the font '' because it violates the following Content Security Policy directive: "font-src *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'".

Below is my code in csp_whitelist.xml

<policy id="font-src">
    <values>
        <value id="cloudflare" type="host">*.cloudflare.com</value>
        <value id="maxcdn" type="host">*.bootstrapcdn.com</value>
        <value id="data" type="host">'unsafe-inline' data:</value>
    </values>
</policy>
question from:https://stackoverflow.com/questions/65889684/magento-2-4-1-how-to-resolve-report-only-refused-to-load-the-font-url-bec

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...