堆栈内存溢出
  简体   繁体   English

CSP允许特定:data:font / woff; base64,“someBase64encoded font”,不使用csp:font-src'self'数据:

[英]CSP allow specific: data:font/woff;base64,“someBase64encoded font”, WITHOUT using csp: font-src 'self' data:

 原文  2018-09-14 08:53:17       css/ fonts/ base64/ content-security-policy

问题描述

Have a few embed base64 fonts in some css files, but CSP blocks these: something like url("data:font/woff;base64,d09GRk9UVE...); 在一些css文件中有一些嵌入base64字体,但CSP阻止这些:类似于url("data:font/woff;base64,d09GRk9UVE...);

Current CSP = "base-uri 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; script-src 'self'; style-src 'self';" 当前的CSP =“base-uri'self'; connect-src'self'; default-src'none'; font-src'self'; form-action'self'; frame-ancestors'none'; frame-src' self'; img-src'self'; script-src'self'; style-src'self';“

W3 and MDN say I could add a hash, but this doesn't seem to work either W3和MDN说我可以添加哈希值,但这似乎也不起作用

tried sha256 , sha384 , sha512 试过sha256sha384sha512

1 个解决方案

解决方案1
 5  2018-11-24 11:32:52

添加data:到font-source,例如

font-src 'self' data:;

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用数据URI的Base64编码的OpenType字体 - Base64 encoded OpenType font-face using data URI stylus.url() base64 编码 woff2 字体 - stylus.url() base64 encodes woff2 font Tumblr的Base64编码@ font-face - Base64 encoded @font-face for Tumblr base64图像中的嵌入式字体 - Embedded font in base64 image Firefox上Tumblr的Base64字体编码 - Base64 Font Encoding for Tumblr on Firefox 字体为 base64 并具有后备功能 - Font-face as base64 with fallbacks base64字体与二进制字体的呈现方式不同 - base64 font renders differently to binary font 有没有办法使用带有两个@ font-face声明的相同base64数据URI? - Is there a way to use the same base64 data URI with two @font-face declarations? 将base64编码的字符串解码为字体文件-Unicode范围 - Decode base64-encoded string to font file - unicode range 如何解码base64编码的字体信息? - How to decode base64-encoded font information?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM