Since the 2.3.5 update that came out today, Magento has “Content Security Policy” built in, and that’s great, but now I’m wondering how to ignore/whitelist CDN fonts that are now being reported as false positives in the console log.
Also, it says: “Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.”
Does someone have more experience with “Content Security Policy” who can help me out?
[Report Only] Refused to load the script 'https://kit.fontawesome.com/a0b92fa8c0.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.