Sto*_*ght 4 google-chrome webfonts http-headers
我已将Google字体URL添加到Content-Security-Policy标头的font-src指令中.我在Chrome 42中遇到以下错误:
Refused to load the stylesheet 'http://fonts.googleapis.com/css?
family=Open+Sans:300,400,400italic,600,800|Source+Code+Pro' because it violates the
following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
我的标题字段如下所示:
Content-Security-Policy: default-src 'self'; font-src http://fonts.googleapis.com;
style-src 'self' 'unsafe-inline'
问题是链接http://fonts.googleapis.com返回样式表,而不是字体.如果您检查它所引入的样式表,您将找到几个从中提取字体的@ font-face规则http://fonts.gstatic.com.
为了使其正常工作,您的Content-Security-Policy标头应如下所示:
Content-Security-Policy: default-src 'self'; font-src http://fonts.gstatic.com;
style-src 'self' 'unsafe-inline' http://fonts.googleapis.com
| 归档时间: |
|
| 查看次数: |
4944 次 |
| 最近记录: |