Auto-source fonts.googleapis.com without https://

Created on 3 April 2025, 2 days ago

Problem/Motivation

A client of mine has some issues with the:
fonts.googleapis.com mention in my csp header because this is a url without https://.
I checked my settings and see this is added in the auto-source in the style-src part.

Question

I have some questions about this:
1. What is this auto source based on?
2. Is this indeed a security risk?
3. If needed how can I change this auto-source.

💬 Support request

Status

Active

Version

2.0

Component

Code

Created by

🇳🇱Netherlands zebda

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @zebda
Comment 2 days ago →
🇳🇱Netherlands zebda

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024