[英]CSP allow specific: data:font/woff;base64,“someBase64encoded font”, WITHOUT using csp: font-src 'self' data:
Have a few embed base64 fonts in some css files, but CSP blocks these: something like url("data:font/woff;base64,d09GRk9UVE...);
在一些css文件中有一些嵌入base64字体,但CSP阻止这些:类似于
url("data:font/woff;base64,d09GRk9UVE...);
Current CSP = "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';" 当前的CSP =“base-uri'self'; connect-src'self'; default-src'none'; font-src'self'; form-action'self'; frame-ancestors'none'; frame-src' self'; img-src'self'; script-src'self'; style-src'self';“
W3 and MDN say I could add a hash, but this doesn't seem to work either W3和MDN说我可以添加哈希值,但这似乎也不起作用
tried sha256
, sha384
, sha512
试过
sha256
, sha384
, sha512
添加data:
到font-source,例如
font-src 'self' data:;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.