Google Fonts violates Content Security Policy

html css http google-font-api content-security-policy
José María picture José María · Nov 29, 2015 · Viewed 44.9k times · Source

I'm trying to use Google Fonts and I've never had any problems, but now when I try to add the CSS file on my header I get this error on the console:

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Whatever' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".

Answer

Rolinh picture Rolinh · Jan 3, 2016

There are two things to fix here:

  • Use https for the Google fonts link (https://fonts.googleapis.com/css?family=Whatever)
  • Authorize https://fonts.googleapis.com in style-src directive and https://fonts.gstatic.com in font-src directive: "style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com"

Related questions

How to fix "Blocked loading mixed active content" for css and js over https

When attempting to view my site over https, I keep getting a "Blocked loading mixed active content" error in my Firefox console. I am getting this error only for my css and js file. The reason I am so confused …

Read More
How to save a web page snapshot with all its elements (css, js, images, ...) into one file

How is it possible to programmatically save a web page snapshot with all its elements (css, js, images, ...) into one file? I need to archive some web pages regularly. However, just saving their HTML code is useless - not only …

Read More
How to horizontally center a <div>

How can I horizontally center a <div> within another <div> using CSS? <div id="outer"> <div id="inner">Foo foo</div> </div>

Read More