stackoom
  简体   繁体   中英

Content Security Policy directive: Refused to load the font

 原文  2017-11-09 09:34:38       angular/ content-security-policy

Question

I created a angular project using angular-cli but when I start this project using 

npm start

it is showing 

Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y+RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3/BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh/AAAAq4AAASRk5y6n3ByZ...QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA+hLHRPbqtMo7ZHCpKdT6tPGXybzo0+RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj/uX5/KuEy6DL0z6A/Fn79VihxMFJsrlAFy4DpZOcvNlMeNp+BRDLj0r+XFdRxdSNSNxiI/AL3ojKdAAB4AWPw3sFwIihiIyNjX+QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M+YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQkEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU=' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

I read some SO answers then got the point that I need to set CSP meta tag so I added 

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' data: fonts.gstatic.com">

in my index.html file. But this is still showing the same error logs on browser console. Any help?

This project is in a directory which is a git directory hosted on https://www.visualstudio.com/ .

when I move this project from this git directory to somewhere else and run, It works. I don't know what is the reason?

2 answers

solution1
 1  2017-12-11 10:04:46

If you were getting the error before you set the CSP in a meta tag then there is already an existing CSP in place. Check for other meta tags in the document or check the HTTP response header. You can use https://securityheaders.io/ to scan your application and see if there is a CSP set.

Note: If you do set CSP in a meta tag the tag needs to be placed into the page prior to any asset you want to whitelist using it. The <meta> tag should be placed as early in the page as possible.

solution2
 -1  2017-11-09 17:36:40

https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:;">

^ Should do the trick

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Angular 8 refused to load load the image because it violates the following Content Security Policy directive Refused to load the image because it violates the following Content Security Policy directive: "default-src 'none'". Angular 8 Refused to load the image because it violates the following Content Security Policy directive (favicon) Angular routing 'Refused to load the font '…' because it violates the following Content Security Policy' Content Security Policy directive Angular + bootstrap throws error Refused to load the image because it violates the following Content Security Policy directive: “default-src 'none'” Angular4 Content-Security-Protocol Refused to load the font Error no angular: "Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'" Cannot load images on production, violates Content Security Policy directive: "img-src 'self' data Cannot GET /login on reload pages Angular 8 - Refused to load the image '/favicon.ico' because it violates the following Content Security Policy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM