I have a Custom UI component that uses a third-party script to render mathematical formulas. This script needs to download (many) fonts from the domain that the script itself is also coming from. However, the requests to this domain are getting blocked due to the CSP ‘default-src’. The ‘default-src’ value my browser gets from Atlassian is ‘self’.
I have checked the following pages, but couldn’t see any field that controls ‘default-src’. Is there any way to modify this CSP directive?
At this stage, we won’t be adding default-src, but I’ve added a ticket in our internal backlog to allow you to specify font-src, which will take precedence over the default-src rule, which should support your use case.
Hi,
I have a similar problem, but my fonts are not hosted on a URL; they are encoded as base64 within the CSS file. Can you help? I’m getting the following error:
Content Security Policy: The page’s settings blocked the loading of a resource at data:application/x-font-ttf;charset=utf-… (“font-src”).
In my case, I managed to solve it by importing TTF/WOFF format fonts referenced in a different CSS file (that doesn’t base64-encode) within the npm package I’m using. So perhaps you could convert your base64 fonts into that format.
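
An added example, not part of any post in this thread: a simplified JavaScript model of how a browser picks the directive that governs a font load, showing why both the remote fonts and the `data:` fonts are blocked under `default-src 'self'`, and that a `font-src` list replaces `default-src` for fonts rather than extending it. The function names, origins and the `data:` URI are constructed for illustration, and only `'self'`, `'none'`, scheme sources and exact-origin host sources are handled.

```javascript
// Added example: simplified CSP check for font loads. Handles only 'self',
// 'none', scheme sources (data:) and exact-origin host sources.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function matchesSource(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  // A scheme source such as data: matches on the URL scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return url.protocol === source;
  try {
    return new URL(source).origin === url.origin; // host source, origin only
  } catch {
    return false; // wildcards and other source forms are outside this sketch
  }
}

function checkFont(header, fontUrl, pageOrigin) {
  const directives = parsePolicy(header);
  // font-src, when present, replaces default-src for fonts; the lists are not merged.
  const directive = ['font-src', 'default-src'].find((d) => directives.has(d)) ?? null;
  if (directive === null) return { allowed: true, directive };
  const url = new URL(fontUrl);
  const allowed = directives.get(directive).some((s) => matchesSource(s, url, pageOrigin));
  return { allowed, directive };
}

// Constructed sample values (assumptions, not taken from the thread).
const PAGE = 'https://app.example';
const REMOTE_FONT = 'https://fonts.example/math/regular.woff';
const DATA_FONT = 'data:application/x-font-ttf;base64,AAAA';

console.log(checkFont("default-src 'self'", REMOTE_FONT, PAGE));
console.log(checkFont("default-src 'self'; font-src https://fonts.example", DATA_FONT, PAGE));
console.log(checkFont("default-src 'self'; font-src 'self' data:", DATA_FONT, PAGE));
```

Once `font-src` is set, every font origin the component needs has to be listed in it, including `'self'` if fonts are also served from the app's own origin.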