re: A JavaScript-Free Frontend VIEW POST

FULL DISCUSSION
 

The website looks nice and renders super fast but I am met with a shit ton of errors in the console. Its responsive though which is why I went to the console in the first place!

Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "default-src 'self' <URL>". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
 

Dang! What browser are you using? I'm serving all of the fonts from my own domain, so CSP shouldn't be a problem. I don't understand where the URL <URL> is coming from. Could it be a browser extension of yours?

 

So I looked into it a bit more, the error is more defined as

Refused to load the font 'data:font/woff;base64,d09GRgABAAAAAGVUABEAAAAAxuQAAQABAAAAAAAAAAAAAAAAAAAAAAAAAABHREVGAAABgAAAAC4AAAA0ArgC7UdQT1MAAAGwAAAQ6AAALgxKsqRTR1NVQgAAEpgAAAH3AAAELqI5y+RPUy8yAAAUkAAAAE8AAABgaGyBu2NtYXAAABTgAAABlAAAAkQkRATXY3Z0IAAAFnQAAABeAAAAugDsQf1mcGdtAAAW1AAABZcAAAvNb3/BHGdhc3AAABxsAAAACAAAAAgAAAAQZ2x5ZgAAHHQAAEApAAB3CtbiupxoZWFkAABcoAAAADYAAAA2BkubWWhoZWEAAFzYAAAAIAAAACQHFARfaG10eAAAXPgAAAI6AAAEEk4TN4Nsb2NhAABfNAAAAhIAAAISiLhpam1heHAAAGFIAAAAIAAAACACigzgbmFtZQAAYWgAAACUAAABHhQGLdJwb3N0AABh/AAAAq4AAASRk5y6n3ByZ...QxUajCCFt4p9HP4fzdSWs2XhWl5HvJazrIrFUyB0l5dpqcW10lV2wukjMLuAvyMHNiYpgPsrCVXZDKrkpll6UWkh7kABVAFVCDe7UFmxagDegA+hLHRPbqtMo7ZHCpKdT6tPGXybzo0+RXBLoPZt1tELcXxCmAAyZwYTJvdDFZKnDER44X2451rDqCyunIsRWvLSx6wnWqwPj/uX5/KuEy6DL0z6A/Fn79VihxMFJsrlAFy4DpZOcvNlMeNp+BRDLj0r+XFdRxdSNSNxiI/AL3ojKdAAB4AWPw3sFwIihiIyNjX+QGxp0cDBwMyQUbGdictkUwWDAwsDJogTgOPN4c9iz6bMos4iysHFChUDZXJnMWTSZZJrAQt9M+YQYBBh4GTgY2kEZOoJiA0z4GBxiEiDEzuGxUYewIjNjg0BGxkTnFZaMaiLeLo4GBkcWhIzkkAqQkEggceHw5HFkM2VRZJFlYebR2MP5v3cDSu5GJwWUDW9xG1hQXAFAmKZU=' because it violates the following Content Security Policy directive: "default-src 'self' https://*.stripe.com". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

I'm on Chrome 72.0.3626.96 (Official Build) (64-bit) for MacOs Mojave on a 15" Retina Macbook.

I went ahead and disabled my adblock and other extensions on the page but that did nothing. I also checked other sites to see if I see a similar error but its only on your site. :(

Woah this is crazy! What page are you on? As far as I know, I'm not base64'ing any fonts!

Dude this is crazy. If you can open devtools and nail down exactly which part of the HTML is doing that, I would be grateful. I have never heard this complaint before, nor have I seen it a console, nor am I aware of anywhere in the app that I have fonts specified as a base64 string. Absolutely the only thing I can think of is a browser extension adding this to the DOM.

It was a browser extension. Took a bit to find it as I'm an idiot. :P

Grammarly's browser extension was the culprit. Sorry to have sent you on a wild goose-chase! haha

About to say, I was having the same thing - The Base 64 decodes to the "Akkurat" font. Didn't have the error incognito though. Crazy!

Figured it out by switching to incognito mode actually. Newly added extensions aren't enabled in incognito by default and I never enabled it there so it makes sense that it would not interfere. :)

 

You can simply add "data:" to the relevant directive(s). That's what we do.

code of conduct - report abuse