CSP violation detected for 'font-src' while serving content at http://localhost:8002/
For an app to share data with external resources or use custom CSP, follow the steps in: https://go.atlassian.com/forge-content-security-and-egress-controls
2.Use AntDesign Chart
CSP violation detected for 'worker-src' while serving content at http://localhost:8002/
For an app to share data with external resources or use custom CSP, follow the steps in: https://go.atlassian.com/forge-content-security-and-egress-controls
I know we should change here, but I don’t know how to find out the url. Anyone could help?
if you do not know where exactly your library is getting fonts from, you could always allow every domain like this:
external:
fonts:
- '*'
Then you can use the developer tools in your browser to see what gets loaded from where and adjust the CSP accordingly. Or maybe bundle everything together so that you don’t need any external fonts.
I agree with the advice given above on allowing everything to start with and then checking where the fonts are actually come from in your browser’s developer console. Once you know the actual source, you can narrow it down in your manifest.
In addition, when changing permissions, especially ingress and egress rules I find that at times I have to uninstall the app from the development instance and reinstall it. Using “forge deploy” is sometimes not enough for these changes.