javascript - Refused to load the font 'data:font/woff.....'it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' -


my react webapp give error on browser console

refused load font 'data:font/woff;base64,d09........' because it violates following content security policy directive: "default-src 'self'". note 'font-src' not explicitly set, 'default-src' used fallback.

also: refused connect 'ws://localhost:3000/sockjs-node/782/oawzy1fx/websocket' because violates following content security policy directive: "default-src 'self'". note 'connect-src' not explicitly set, 'default-src' used fallback.

screenshot of browser console enter image description here index.html have meta:

<meta http-equiv="content-security-policy" content="img-src 'self' data:; default-src 'self' http://121.0.0:3000/">;

webpack.cofig.js

var debug = process.env.node_env !== "production"; var webpack = require('webpack'); var path = require('path');  module.exports = {     context: path.join(__dirname, "./src"),     devtool: debug ? "inline-sourcemap" : true,     entry: "../src/index.js",      module: {         rules: [             {                 test: /\.(jpe?g|png|gif|svg|woff|woff2|eot|ttf)$/i,  // regular expression catches .js files                 exclude: /node_modules/,                 loader: 'url-loader',             },             {                 test: /\.(js|.jsx)$/,                 exclude: /(node_modules|bower_components)/,                 loader: 'babel-loader',                 query: {                     presets: ['react','es2016', 'stage-0',],                     plugins: ['react-html-attrs', 'transform-decorators-legacy', 'transform-class-properties'],                 }             },             {                 test: /\.css$/,                 use: [                     "style-loader",                     {                         loader: "css-loader",                     }                 ]             }         ]     },     resolve: {         modules: [             path.join(__dirname, "src"),             "node_modules",         ]     },     output: {         path: __dirname + "/public/",         // publicpath: "/public/",         filename: "build.js"     },     plugins: debug ? [] : [         new webpack.optimize.dedupeplugin(),         new webpack.optimize.occurrenceorderplugin(),         new webpack.optimize.uglifyjsplugin({ mangle: false, sourcemap: false }),     ],     devserver: {         port: 3000, // common port         contentbase: './public',         inline: true,         historyapifallback: true,     } }; 

csp helps whitelisting sources trust. other sources not allowed access to. read this q&a carefully, , make sure whitelist fonts, socket connections , other sources if trust them.

if know doing, can comment out meta tag test, works. realise / user being protected here, keeping meta tag thing.


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -