View Issue Details

ID: 0024477
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2018-06-09 09:11
Reporter: fman
Assigned To: atrol
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: no change required
Product Version:
Target Version:
Fixed in Version:

Summary: 0024477: How to Fix - Refused to load the font 'data:font/woff;base64,..' because it violates the following Content Security Policy
Description

1) mantis 2.14.0, installed on MAMP PRO Mac.
2) access via http://localhost/mantis

I'm getting this error

Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

and was not able to find a way to solve this (after searching on Google)

I've added http_csp_add( 'font-src', "'self'" );
in http_security_headers()

new error

Refused to load the font 'data:font/woff;base64,..' because it violates the following Content Security Policy directive: "font-src 'self'".

any hint?

Tags: No tags attached.

Activities

atrol

2018-05-23 09:56

developer   ~0059922

I am pretty sure this is running on my Mac.
I will try this evening.

Which browser do you use?
Do you have any browser plugins installed?
Do you get this without having any 3rd party Mantis plugin installed?

atrol

2018-05-23 09:58

developer   ~0059923

Last edited: 2018-05-23 09:59


This forum post might also help:

Adding AllowOverride FileInfo to Apache2.conf for MantisBt did the trick.

fman

2018-05-23 12:51

reporter   ~0059924

Thanks a lot for your fast answer

Browser: Chrome
I've several MantisBT plugins installed => I'm going to try without plugins
I've a lot of Chrome add-ons

I've applied the forum suggestion without any change.

regards

fman

2018-05-23 13:08

reporter   ~0059925

Just installed 2.14.0 without any 3rd party plugin, still getting the message:
Refused to load the font 'data:font/woff;base64,..' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

fman

2018-05-23 13:21

reporter   ~0059926

With Safari (activating the web developer menu) I got a different error:

Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

atrol

2018-05-23 14:36

developer   ~0059928

I was not able to reproduce.
Tried Safari Version 11.1 (13605.1.33.1.4) and Chrome Version 66.0.3359.181
Both without any add-on.

This is the CSP I see in browser

Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self'

This is the URL for the font

Request URL: http://localhost:8888/atrol/master/fonts/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2

Did you clear browser cache?
Do you have a changed CSS file?
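
The fallback and matching rules behind the error messages in this issue, modelled as an added example (not MantisBT code and not written by either participant): font-src falls back to default-src, and 'self' never matches a data: URL. The page URL and the data: payload are constructed assumptions, and the last case adds a data: scheme source only to show which source expression would match.

```javascript
// Added example: simplified model of a browser's CSP check for a font load.
// Supports only 'self', 'none', scheme sources (data:) and exact origins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [rawName, ...sources] = part.trim().split(/\s+/);
    const name = rawName.toLowerCase();
    // A directive repeated later in the same policy is ignored.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function checkFont(header, pageUrl, fontUrl) {
  const policy = parseCsp(header);
  // font-src falls back to default-src when it is not set explicitly.
  const directive = ['font-src', 'default-src'].find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive };
  const page = new URL(pageUrl);
  const font = new URL(fontUrl, page);
  const allowed = policy.get(directive).some((src) => {
    // A data: URL has an opaque origin, so 'self' can never match it.
    if (src === "'self'") return font.origin === page.origin;
    // A scheme source such as "data:" matches on the URL scheme alone.
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return font.protocol === src.toLowerCase();
    try {
      const o = new URL(src).origin; // exact-origin host source
      return o !== 'null' && o === font.origin;
    } catch { return false; } // 'none' and unsupported keywords match nothing
  });
  return { allowed, directive };
}

// Policy and font request URL as posted in note ~0059928.
const STOCK_CSP = "default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self'";
const WOFF2 = 'http://localhost:8888/atrol/master/fonts/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2';
const PAGE = 'http://localhost:8888/atrol/master/'; // assumed page URL
const DATA_FONT = 'data:font/woff;base64,AAAA';     // constructed placeholder

console.log(checkFont(STOCK_CSP, PAGE, WOFF2));      // same-origin file
console.log(checkFont(STOCK_CSP, PAGE, DATA_FONT));  // first error in the report
console.log(checkFont("font-src 'self'; " + STOCK_CSP, PAGE, DATA_FONT)); // second error
console.log(checkFont("font-src 'self' data:; " + STOCK_CSP, PAGE, DATA_FONT));
```

A stock install requests its fonts as same-origin files, so a data: font in the violation report points at CSS that did not come from the shipped stylesheet.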

fman

2018-05-30 04:30

reporter   ~0059974

Hi, going to try and provide feedback
thanks

atrol

2018-06-09 09:11

developer   ~0060051

fman,

You did not provide feedback; I am therefore resolving this issue as "no change required".

Feel free to reopen the issue at a later time and provide some more information.

Issue History

Date Modified Username Field Change
2018-05-23 09:46 fman New Issue
2018-05-23 09:56 atrol Status new => feedback
2018-05-23 09:56 atrol Note Added: 0059922
2018-05-23 09:58 atrol Note Added: 0059923
2018-05-23 09:59 atrol Note Edited: 0059923
2018-05-23 09:59 atrol Note Edited: 0059923
2018-05-23 12:51 fman Note Added: 0059924
2018-05-23 12:51 fman Status feedback => new
2018-05-23 13:08 fman Note Added: 0059925
2018-05-23 13:21 fman Note Added: 0059926
2018-05-23 14:36 atrol Status new => feedback
2018-05-23 14:36 atrol Note Added: 0059928
2018-05-30 04:30 fman Note Added: 0059974
2018-05-30 04:30 fman Status feedback => new
2018-05-30 04:39 atrol Status new => feedback
2018-06-09 09:11 atrol Assigned To => atrol
2018-06-09 09:11 atrol Status feedback => resolved
2018-06-09 09:11 atrol Resolution open => no change required
2018-06-09 09:11 atrol Note Added: 0060051