When configuring my site's Content-Security-Policy, I set the font sources together with the style sources like this:
style-src 'self' 'unsafe-inline' fonts.googleapis.com;
font-src 'self' fonts.gstatic.com;
This works in Firefox in all cases. However, when Google Maps tries to fetch the Roboto font, Chromium complains:
Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'self' fonts.googleapis.com".
Refused to load the font 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2' because it violates the following Content Security Policy directive: "font-src 'self' fonts.googleapis.com".
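I have tried adding 'unsafe-inline' and data: as scheme sources, but neither seems to do the trick. I am confused why Chromium reports the font "<URL>", which does not seem to be an accepted scheme source, and I don't understand why it is blocked.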
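
The directive quoted in the Chromium error differs from the font-src line configured above, so it helps to evaluate both against the blocked URL. The following is an added example, not part of the original post: a simplified CSP source-list matcher whose function names and the page origin `https://site.example` are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list matching for font loads.
// Simplification: ports and paths in source expressions are not evaluated.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An http source also matches https (upgrade); otherwise schemes must be equal.
const schemeMatches = (want, got) =>
  want === got || (want === 'http:' && got === 'https:');

function sourceAllows(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  if (s === '*') return ['http:', 'https:'].includes(url.protocol); // network schemes only
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. data:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  // A host source without a scheme inherits the scheme of the page.
  const want = m[1] ? m[1] + ':' : new URL(pageOrigin).protocol;
  if (!schemeMatches(want, url.protocol)) return false;
  const host = m[2];
  return host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // "*.a.b" matches subdomains only
    : url.hostname === host;
}

function fontAllowed(header, fontUrl, pageOrigin) {
  const d = parsePolicy(header);
  const sources = d.get('font-src') ?? d.get('default-src'); // fallback
  if (sources === undefined) return true; // no directive governs fonts
  const url = new URL(fontUrl);
  return sources.some((src) => sourceAllows(src, url, pageOrigin));
}

const configured = "style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com;";
const reported = "font-src 'self' fonts.googleapis.com"; // from the Chromium error
const font = 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2';
const page = 'https://site.example'; // constructed origin

console.log('configured allows font:', fontAllowed(configured, font, page)); // true
console.log('reported allows font:  ', fontAllowed(reported, font, page));   // false
```

Running the same check against the Content-Security-Policy header or meta tag the browser actually received shows which of the two policies is in effect for the page.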