- Issue created by @zebda
A client of mine has some issues with the:
fonts.googleapis.com mention in my csp header because this is a url without https://.
I checked my settings and see this is added in the auto-source in the style-src part.
I have some questions about this:
1. What is this auto source based on?
2. Is this indeed a security risk?
3. If needed how can I change this auto-source.
Active
2.0
Code