From b8db62ad717745b0dc573f41b1307e0400c11a74 Mon Sep 17 00:00:00 2001 From: noellabo <noel.yoshiba@gmail.com> Date: Tue, 12 Nov 2019 06:21:32 +0900 Subject: [PATCH] Allow data: in font-src of content security policy --- config/initializers/content_security_policy.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 6666ab5553..0ee7c7262b 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -24,7 +24,7 @@ Rails.application.config.content_security_policy do |p| p.base_uri :none p.default_src :none p.frame_ancestors :none - p.font_src :self, assets_host, bootstrap_cdn_host + p.font_src :self, :data, assets_host, bootstrap_cdn_host p.img_src :self, :https, :data, :blob, assets_host, instance_ticker_img_host p.style_src :self, :unsafe_inline, assets_host, instance_ticker_host, bootstrap_cdn_host p.media_src :self, :https, :data, assets_host -- GitLab