From b8db62ad717745b0dc573f41b1307e0400c11a74 Mon Sep 17 00:00:00 2001
From: noellabo <noel.yoshiba@gmail.com>
Date: Tue, 12 Nov 2019 06:21:32 +0900
Subject: [PATCH] Allow data: in font-src of content security policy

---
 config/initializers/content_security_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 6666ab5553..0ee7c7262b 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -24,7 +24,7 @@ Rails.application.config.content_security_policy do |p|
   p.base_uri        :none
   p.default_src     :none
   p.frame_ancestors :none
-  p.font_src        :self, assets_host, bootstrap_cdn_host
+  p.font_src        :self, :data, assets_host, bootstrap_cdn_host
   p.img_src         :self, :https, :data, :blob, assets_host, instance_ticker_img_host
   p.style_src       :self, :unsafe_inline, assets_host, instance_ticker_host, bootstrap_cdn_host
   p.media_src       :self, :https, :data, assets_host
-- 
GitLab