Page MenuHomeMiraheze
Create Task
Maniphest T11269

Allow google fonts in content security policy
Open, NormalPublic
Actions

Description

I wanted to use a font from google fonts in the common.css for a wiki. When adding it to the common.css, the font wasn't applied. Looking in the dev-tools of my browser, it listed an error stating that fonts.googleapis.com was blocked by the content security policy, preventing the font from being loaded.

The font-url in question: https://fonts.googleapis.com/css2?family=Exo+2&display=swap

The issue reported by google-chrome:

Refused to load the font 'https://fonts.googleapis.com/css2?family=Exo+2&display=swap' because it violates the following Content Security Policy directive: "font-src 'self' data: *.miraheze.org *.betaheze.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com phab.miraheze.wiki upload.wikimedia.org".
Miraheze wiki URL:falloftheempirerp.miraheze.org

Event Timeline

LXanders created this task.Oct 5 2023, 18:47
Herald added subscribers: Agent_Isai, Redmin. · View Herald TranscriptOct 5 2023, 18:47
Redmin edited projects, added CSP Review, Trust & Safety; removed MediaWiki (SRE), MediaWiki.Oct 6 2023, 09:20
Herald added subscribers: Bukkit, BrandonWM. · View Herald TranscriptOct 6 2023, 09:20
Original_Authority subscribed.Oct 9 2023, 21:49

PR https://github.com/miraheze/puppet/pull/3444

LXanders added a comment.EditedOct 16 2023, 15:39

Don't know if it's policy to create separate issues on the same topic, but the csp also has two outdated urls for discord:
cdn.discordapp.com and discordapp.com have been changed to media.discordapp.net

This one I ran into while trying to use external images

LXanders added a comment.Oct 22 2023, 15:35

bump?