javascript - Refused to load the font 'data:font/woff.....'it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' -
my react webapp give error on browser console
refused load font 'data:font/woff;base64,d09........' because it
violates following content security policy directive: "default-src
'self'". note 'font-src' not explicitly set, 'default-src' used fallback.
also: refused connect 'ws://localhost:3000/sockjs-node/782/oawzy1fx/websocket' because violates following content security policy directive: "default-src 'self'". note 'connect-src' not explicitly set, 'default-src' used fallback.
screenshot of browser console index.html
have meta:
<meta http-equiv="content-security-policy" content="img-src 'self' data:; default-src 'self' http://121.0.0:3000/">;
webpack.cofig.js
var debug = process.env.node_env !== "production"; var webpack = require('webpack'); var path = require('path'); module.exports = { context: path.join(__dirname, "./src"), devtool: debug ? "inline-sourcemap" : true, entry: "../src/index.js", module: { rules: [ { test: /\.(jpe?g|png|gif|svg|woff|woff2|eot|ttf)$/i, // regular expression catches .js files exclude: /node_modules/, loader: 'url-loader', }, { test: /\.(js|.jsx)$/, exclude: /(node_modules|bower_components)/, loader: 'babel-loader', query: { presets: ['react','es2016', 'stage-0',], plugins: ['react-html-attrs', 'transform-decorators-legacy', 'transform-class-properties'], } }, { test: /\.css$/, use: [ "style-loader", { loader: "css-loader", } ] } ] }, resolve: { modules: [ path.join(__dirname, "src"), "node_modules", ] }, output: { path: __dirname + "/public/", // publicpath: "/public/", filename: "build.js" }, plugins: debug ? [] : [ new webpack.optimize.dedupeplugin(), new webpack.optimize.occurrenceorderplugin(), new webpack.optimize.uglifyjsplugin({ mangle: false, sourcemap: false }), ], devserver: { port: 3000, // common port contentbase: './public', inline: true, historyapifallback: true, } };
csp helps whitelisting sources trust. other sources not allowed access to. read this q&a carefully, , make sure whitelist fonts, socket connections , other sources if trust them.
if know doing, can comment out meta
tag test, works. realise / user being protected here, keeping meta
tag thing.
Comments
Post a Comment