Content Security Policy violation `font-src 'self'`

Hello,

is it possible to solve Content Security Policy violation on data:font/woff;base64,... with website active CSP directive: font-src 'self'?
It creates lots of false positive violation.


1Password Version: 1.13.2
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided
Referrer: forum-search:Content security policy violation

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @trejjam,

    I'm far from an expert when it comes to CSP but I know from listening to Troy Hunt's podcast that this is something the extension needs to correct and not the site. I'm guessing you've experienced this recently through a site that you maintain. How would you feel about sharing a link to the site in question? My thinking is it can help explain the issue to whoever decides to tackle this if we know a site where this is actively happening. If for any reason you can't or don't want to post the link publicly but maybe privately would be okay let me know and we can easily shift the conversation to email.

    No matter what, this does need an issue filed by myself or a colleague but I suspect what would help is if we have a good example that highlights the problem.

  • trejjam
    trejjam
    Community Member

    Hi,
    When I dig more into it, I found that it is not 1Password extension who's case violation. Sorry to bother you.

  • ag_sebastian
    ag_sebastian
    1Password Alumni

    No worries, @trejjam. Let us know if you stumble upon any issues with 1Password, and we'll be glad to take a look. :)

This discussion has been closed.