CSP config problem with Google fonts

[kokujin]

I have my font-src configured as follows:

HTML:

<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Open+Sans:400italic,700italic,300,400,500,700">

Helmet:

    fontSrc: [
        "'self'",
        'fonts.googleapis.com',
        'themes.googleusercontent.com'
    ]

but I am getting this error in the console:

Refused to load the font 'https://fonts.gstatic.com/s/opensans/v9/DXI1ORHCpsQm3Vp6mXoaTRampu5_7CjHW5spxoeN3Vs.woff2' because it violates the following Content Security Policy directive: "font-src 'self' fonts.googleapis.com themes.googleusercontent.com".

Can someone tell me what I am doing wrong? Thanks

[kokujin]

I added this entry to the list

'fonts.gstatic.com'

And the console errors stopped. Was this the correct way?

[EvanHahn]

Yes! That's perfect.

Would it help to add that kind of instruction to some documentation somewhere?

[kokujin]

Yes it would help, and a link to the official csp docs. Thanks
On Aug 11, 2014 7:22 PM, "Evan Hahn" notifications@github.com wrote:

Yes! That's perfect.

Would it help to add that kind of instruction to some documentation
somewhere?

—
Reply to this email directly or view it on GitHub
#66 (comment).