hashicorp#6435 CSP add font-src 'self' to enable loading a local font

hmalphettes · Apr 11, 2019 · f80d38e · f80d38e
1 parent 2933616
commit f80d38e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/vault/ui.go b/vault/ui.go
@@ -32,7 +32,7 @@ type UIConfig struct {
 // NewUIConfig creates a new UI config
 func NewUIConfig(enabled bool, physicalStorage physical.Backend, barrierStorage logical.Storage) *UIConfig {
 	defaultHeaders := http.Header{}
-	defaultHeaders.Set("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'none'; frame-ancestors 'none'")
+	defaultHeaders.Set("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'none'; frame-ancestors 'none'; font-src 'self'")
 
 	return &UIConfig{
 		physicalStorage: physicalStorage,