From 5367f69d966848b4d16c584b85301cda87ad6d31 Mon Sep 17 00:00:00 2001 From: Carlo Nomes Date: Tue, 6 Nov 2018 16:34:29 +0100 Subject: [PATCH] fix(stark-build): add cspFontSrc as configurable property to webpack dev server this enables users to set fonts hosted at a CDN --- packages/stark-build/config/webpack.dev.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/stark-build/config/webpack.dev.js b/packages/stark-build/config/webpack.dev.js index 4ab445c7ef..f8e8b0e1d9 100644 --- a/packages/stark-build/config/webpack.dev.js +++ b/packages/stark-build/config/webpack.dev.js @@ -47,7 +47,7 @@ module.exports = function(env) { // "default-src 'self'", // FIXME: enable as soon as the issue is fixed in Angular (https://github.com/angular/angular-cli/issues/6872 ) "child-src 'self'", "connect-src 'self' ws://" + METADATA.HOST + ":" + METADATA.PORT + " " + webpackCustomConfig["cspConnectSrc"], // ws://HOST:PORT" is due to Webpack - "font-src 'self'", + "font-src 'self' " + webpackCustomConfig["cspFontSrc"], "form-action 'self' " + webpackCustomConfig["cspFormAction"], "frame-src 'self'", // deprecated. Use child-src instead. Used here because child-src is not yet supported by Firefox. Remove as soon as it is fully supported "frame-ancestors 'none'", // the app will not be allowed to be embedded in an iframe (roughly equivalent to X-Frame-Options: DENY)