From f5327414a5040e9f34bf1bcb3a08efb55736a2ff Mon Sep 17 00:00:00 2001 From: cnathe Date: Wed, 19 Feb 2025 08:38:46 -0600 Subject: [PATCH] Restore http and https for font-src in CSP for app dev hot module reloading --- server/configs/application.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/configs/application.properties b/server/configs/application.properties index 3cd35fa915..7c31e29c73 100644 --- a/server/configs/application.properties +++ b/server/configs/application.properties @@ -132,7 +132,7 @@ management.server.port=@@shutdownPort@@ #useLocalBuild# object-src 'none' ;\ #useLocalBuild# style-src 'self' https: 'unsafe-inline' ;\ #useLocalBuild# img-src 'self' https: data: ;\ -#useLocalBuild# font-src 'self' data: ;\ +#useLocalBuild# font-src 'self' http: https: data: ;\ #useLocalBuild# script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\ #useLocalBuild# base-uri 'self' ;\ #useLocalBuild# frame-ancestors 'self' ;\ @@ -146,7 +146,7 @@ csp.report=\ object-src 'none' ; /* These tags are not currently used by LKS */\ style-src 'self' 'unsafe-inline' ; /* We currently have a few inline