From f80d38e5eb17db0bf64b8e873f1de42e6829084e Mon Sep 17 00:00:00 2001
From: hmalphettes
Date: Sun, 24 Mar 2019 01:42:08 +0800
Subject: [PATCH] #6435 CSP add font-src 'self' to enable loading a local font

---
 vault/ui.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vault/ui.go b/vault/ui.go
index 7a637f20a5a92..41cfdb18e23c1 100644
--- a/vault/ui.go
+++ b/vault/ui.go
@@ -32,7 +32,7 @@ type UIConfig struct {
 // NewUIConfig creates a new UI config
 func NewUIConfig(enabled bool, physicalStorage physical.Backend, barrierStorage logical.Storage) *UIConfig {
 defaultHeaders := http.Header{}
- defaultHeaders.Set("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'none'; frame-ancestors 'none'")
+ defaultHeaders.Set("Content-Security-Policy", "default-src 'none'; connect-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'none'; frame-ancestors 'none'; font-src 'self'")

 return &UIConfig{
 physicalStorage: physicalStorage,
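Review bot: The default Content-Security-Policy in `NewUIConfig` stays one long string literal, and the new `font-src 'self'` is appended after `frame-ancestors 'none'` instead of next to the other fetch directives (`connect-src`, `img-src`, `script-src`, `style-src`), which makes the policy harder to audit at a glance. I would move it beside `style-src` and put a comment above the `Set` call, for example `// default-src 'none' blocks fonts; font-src 'self' allows only the UI's own bundled font`. The diffstat shows only vault/ui.go changing, so nothing in this commit pins the default header value; a test asserting the exact default policy would catch any later loosening of it. The body of `NewUIConfig` continues past the end of the hunk.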