Hello @digitalstartup and everybody else,
I did install the CSP module Module you made and got rid of most of the error messages when I inspect with chrome.
However I do have 3 message left (see below). the problem is that they don’t refer to a specific path
What my thoughts are it has to do with WOFF fonts and they are on the magento site itself under /pub/static/...
So I added the URL of the site itself to “font-src” in the csp_whitelist.xml
file but that did not work
The site does not have a certificate yet, does it have to do with that the site has not SSL yet?
Did you come across such a thing yet and how did you solve it?
Thanks a lot!
Kees
My installation followed your instructions, Magento version 2.3.5 on ubuntu 18.04, with elastic search Mirasvit and a number of Amasty extensions, all installed with composer.
message 1:
[Report Only] Refused to load the font 'data:application/octet-stream;base64,d09GMgABAAAAABfcAA8AAAAAMbwAABeEAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEIGVgCEXgggCZZwEQgKuHCzbgE2AiQDTAsoAAQgBYY5B4IGDIEGGwYuFeOYJeA8gFS/u+0i+//6wDaWNnZfEGToJHc0LPIwI0RoR8P8epqi0CiK35oaP2fuDSb2Cs1gQzC/aFyXukTxacCsoz/dre9+Y+NSnLev1hOzwvnuUEp4vnTm+9LKPu2KQ4gVMdsJWyHobtIdUBcg7HPp4qY7/2nN6n0q7upQZxaY5ACpJajJQlT2CI04YeT9n87y/9HIlr2CEbBBYJaRVwdEPh9VQGWqvJTEr0/RbBfANmWR4Wlz/45bwnGrENZxLPLuVk3UMllaGLDQBqOGAlahP5bWMCuGtamzTsDDqvGphNM/77grthK7AfkUuWSWLnVPFAaN/KBtqmyAwOa+SADA/6PulYYxZS...iFS/hs9i9BED6S0YlTDYfpVJwaG28cruIzp3BHKX8Pi9l8A8nVTzJD0FdYoDdGdb5fw7OFqR+slIrZdXliuKSVk3KcRF9YdMmYGb99N4v+s0VhvZWp6n9+Vu0/WJhPZkXol6pOFSqRsuq79clrW2jToKgSxZ4KPlVug0D3j2QsNTFsUMNhuirKRPFL+RWAJqs2ShdCQkpGjjwFir9wOtT9emb8ShfURBeDMgCR23eTQ0FKbYMFVRalbRyZPOHLcDPiOBOOoSdoPY/XoSPeuLHSRZs1FWS089JrjELYjSfwVYjaDFQZX3TTadFJ377z1lK1Fz0Sqv2NxicS9Q336ydRlc9M3ERVNK7pCC1JJ6DNjA0PrlnFMiGZBwBydoGPXHE/BC0o7IP+5SXT3g+cf3pwQM/NkkEqBTJzT0JBOJO8h3IAAa5PsieD8SEYTO73guZw/k9j0RxxP1xzMZ+IPWbdQIzIOdX8BAdMfjpVHkQoEBLwK/R35pHR/H4KmAwA' because it violates the following Content Security Policy directive: "font-src *.gstatic.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'".
message 2:
[Report Only] Refused to load the font 'data:application/octet-stream;base64,d09GMgABAAAAABfcAA8AAAAAMbwAABeEAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEIGVgCEXgggCZZwEQgKuHCzbgE2AiQDTAsoAAQgBYY5B4IGDIEGGwYuFeOYJeA8gFS/u+0i+//6wDaWNnZfEGToJHc0LPIwI0RoR8P8epqi0CiK35oaP2fuDSb2Cs1gQzC/aFyXukTxacCsoz/dre9+Y+NSnLev1hOzwvnuUEp4vnTm+9LKPu2KQ4gVMdsJWyHobtIdUBcg7HPp4qY7/2nN6n0q7upQZxaY5ACpJajJQlT2CI04YeT9n87y/9HIlr2CEbBBYJaRVwdEPh9VQGWqvJTEr0/RbBfANmWR4Wlz/45bwnGrENZxLPLuVk3UMllaGLDQBqOGAlahP5bWMCuGtamzTsDDqvGphNM/77grthK7AfkUuWSWLnVPFAaN/KBtqmyAwOa+SADA/6PulYYxZS...iFS/hs9i9BED6S0YlTDYfpVJwaG28cruIzp3BHKX8Pi9l8A8nVTzJD0FdYoDdGdb5fw7OFqR+slIrZdXliuKSVk3KcRF9YdMmYGb99N4v+s0VhvZWp6n9+Vu0/WJhPZkXol6pOFSqRsuq79clrW2jToKgSxZ4KPlVug0D3j2QsNTFsUMNhuirKRPFL+RWAJqs2ShdCQkpGjjwFir9wOtT9emb8ShfURBeDMgCR23eTQ0FKbYMFVRalbRyZPOHLcDPiOBOOoSdoPY/XoSPeuLHSRZs1FWS089JrjELYjSfwVYjaDFQZX3TTadFJ377z1lK1Fz0Sqv2NxicS9Q336ydRlc9M3ERVNK7pCC1JJ6DNjA0PrlnFMiGZBwBydoGPXHE/BC0o7IP+5SXT3g+cf3pwQM/NkkEqBTJzT0JBOJO8h3IAAa5PsieD8SEYTO73guZw/k9j0RxxP1xzMZ+IPWbdQIzIOdX8BAdMfjpVHkQoEBLwK/R35pHR/H4KmAwA' because it violates the following Content Security Policy directive: "font-src *.gstatic.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'".
Message 3:
[Report Only] Refused to load the font 'data:application/octet-stream;base64,d09GMgABAAAAABfcAA8AAAAAMbwAABeEAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHEIGVgCEXgggCZZwEQgKuHCzbgE2AiQDTAsoAAQgBYY5B4IGDIEGGwYuFeOYJeA8gFS/u+0i+//6wDaWNnZfEGToJHc0LPIwI0RoR8P8epqi0CiK35oaP2fuDSb2Cs1gQzC/aFyXukTxacCsoz/dre9+Y+NSnLev1hOzwvnuUEp4vnTm+9LKPu2KQ4gVMdsJWyHobtIdUBcg7HPp4qY7/2nN6n0q7upQZxaY5ACpJajJQlT2CI04YeT9n87y/9HIlr2CEbBBYJaRVwdEPh9VQGWqvJTEr0/RbBfANmWR4Wlz/45bwnGrENZxLPLuVk3UMllaGLDQBqOGAlahP5bWMCuGtamzTsDDqvGphNM/77grthK7AfkUuWSWLnVPFAaN/KBtqmyAwOa+SADA/6PulYYxZS...iFS/hs9i9BED6S0YlTDYfpVJwaG28cruIzp3BHKX8Pi9l8A8nVTzJD0FdYoDdGdb5fw7OFqR+slIrZdXliuKSVk3KcRF9YdMmYGb99N4v+s0VhvZWp6n9+Vu0/WJhPZkXol6pOFSqRsuq79clrW2jToKgSxZ4KPlVug0D3j2QsNTFsUMNhuirKRPFL+RWAJqs2ShdCQkpGjjwFir9wOtT9emb8ShfURBeDMgCR23eTQ0FKbYMFVRalbRyZPOHLcDPiOBOOoSdoPY/XoSPeuLHSRZs1FWS089JrjELYjSfwVYjaDFQZX3TTadFJ377z1lK1Fz0Sqv2NxicS9Q336ydRlc9M3ERVNK7pCC1JJ6DNjA0PrlnFMiGZBwBydoGPXHE/BC0o7IP+5SXT3g+cf3pwQM/NkkEqBTJzT0JBOJO8h3IAAa5PsieD8SEYTO73guZw/k9j0RxxP1xzMZ+IPWbdQIzIOdX8BAdMfjpVHkQoEBLwK/R35pHR/H4KmAwA' because it violates the following Content Security Policy directive: "font-src *.gstatic.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'".