Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't load external fonts inside custom CSS #748

Closed
spencerwooo opened this issue Aug 1, 2020 · 5 comments · May be fixed by #2258
Closed

Can't load external fonts inside custom CSS #748

spencerwooo opened this issue Aug 1, 2020 · 5 comments · May be fixed by #2258
Labels
question / discussion

Comments

@spencerwooo
Copy link

When I tried to load Google Fonts inside Miniflux's custom CSS, I was met with this error:

Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Roboto&display=swap' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

And of course, the external fonts from Google Fonts didn't load. Is this as expected or by design? Currently I have to load my fonts with a user styles manager like Stylus for Chrome as a temporary solution.
@fguillot
Copy link
Member

fguillot commented Aug 1, 2020

This behaviour is expected. CSP directives are there for security reasons.

@spencerwooo
Copy link
Author

This behaviour is expected. CSP directives are there for security reasons.

All right, thanks for the clarification.

@thiagowfx
Copy link
Contributor

If one wants to trust google fonts anyway, is there a supported way to do so today other than monkey patching the repository and changing the CSP in the source code?

@fguillot
Copy link
Member

If one wants to trust google fonts anyway, is there a supported way to do so today other than monkey patching the repository and changing the CSP in the source code?

The actual implementation could be changed to make the CSP configurable.

@thiagowfx
Copy link
Contributor

In this case, would you like to reopen this issue by repurposing it to make the CSP configurable?

@kl177 kl177 mentioned this issue Dec 15, 2023
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question / discussion
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CONTENT_SECURITY_POLICY kl177/miniflux
3 participants
@fguillot @thiagowfx @spencerwooo