magento2 - Magento 2.4.1: How to resolve [Report Only] Refused to load the font '<URL>' because it violates the following Content Security Policy directive:

Question

With a custom module, I am trying to resolve the content security policy warnings. I'm not sure under which policy should I place the URLS reported by Refused to connect to.

Pleae guide me as to how it needs to handled in csp_whitelist.xml. Below is a real example from our store.

[Report Only] Refused to load the font '' because it violates the following Content Security Policy directive: "font-src *.cloudflare.com *.bootstrapcdn.com 'unsafe-inline' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'".

Below is my code in csp_whitelist.xml

<policy id="font-src">
    <values>
        <value id="cloudflare" type="host">*.cloudflare.com</value>
        <value id="maxcdn" type="host">*.bootstrapcdn.com</value>
        <value id="data" type="host">'unsafe-inline' data:</value>
    </values>
</policy>

question from:https://stackoverflow.com/questions/65889684/magento-2-4-1-how-to-resolve-report-only-refused-to-load-the-font-url-bec

Answer 1

Waitting for answers