markdown-viewer icon indicating copy to clipboard operation
markdown-viewer copied to clipboard

Published 20 hours ago verified publisher icon simov

"Refused to load the font"

Open DavidBiesack opened this issue 7 years ago • 1 comments
trafficstars

When this extension v3.6 is enabled, visiting https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md fails with

22.0.md:1 Refused to load the font 'data:font/woff;charset=utf-8;base64,d09GRgABAAAAAAZwABAAAAAACFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEU0lHAAAGaAAAAAgAAAAIAAAAAUdTVUIAAAZcAAAACgAAAAoAAQAAT1MvMgAAAyQAAABJAAAAYFYEU3RjbWFwAAADcAAAAEUAAACAAJThvmN2dCAAAATkAAAABAAAAAQAAAAAZnBnbQAAA7gAAACyAAABCUM+8IhnYXNwAAAGTAAAABAAAAAQABoAI2dseWYAAAFsAAABPAAAAZwcEq9taGVhZAAAAsgAAAA0AAAANgh4a91oaGVhAAADCAAAABoAAAAkCA8DRGhtdHgAAAL8AAAADAAAAAwGAACfbG9jYQAAAsAAAAAIAAAACABiATBtYXhwAAACqAAAABgAAAAgAA8ASm5hbWUAAAToAAABQgAAAlXu73sOcG9zdAAABiwAAAAeAAAAME3QpOBwcmVwAAAEbAAAAHY...JBhagk7HQzKxca2sJCE1hDt4QF+9JOS0nbaaYDCQfwCJ7Au3AHj+LO13FMmm6cl7785vven0kBjHCBhfpYuNa5Ph1c0e2Xu3jEvWG7UdPDLZ4N92nOm+EBXuAbHmIMSRMs+4aUEd4Nd3CHD8NdvOLTsA2GL8M9PODbcL+hD7C1xoaHeLJSEao0FEW14ckxC+TU8TxvsY6X0eLPmRhry2WVioLpkrbp84LLQPGI7c6sOiUzpWIWS5GzlSgUzzLBSikOPFTOXqly7rqx0Z1Q5BAIoZBSFihQYQOOBEdkCOgXTOHA07HAGjGWiIjaPZNW13/+lm6S9FT7rLHFJ6fQbkATOG1j2OFMucKJJsxIVfQORl+9Jyda6Sl1dUYhSCm1dyClfoeDve4qMYdLEbfqHf3O/AdDumsjAAB42mNgYoAAZQYjBmyAGYQZmdhL8zLdDEydARfoAqIAAAABAAMABwAKABMAB///AA8AAQAAAAAAAAAAAAAAAAABAAAAAA==' because it violates the following Content Security Policy directive: "font-src assets-cdn.github.com".

Clearing all my cached data does not resole this.

DavidBiesack avatar Jul 31 '18 13:07 DavidBiesack

The URL you are referring to: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md ends with markdown file extension but it serves rendered HTML. You probably want to render the raw URL instead: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/versions/2.0.md

You have to exclude the github.com origin because it servers rendered HTML.

Then if you want to see the raw markdown file hosted on: https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/versions/2.0.md you have to add the raw.githubusercontent.com origin and disable CSP: screenshot from 2018-08-01 11-25-16

I plan to add presets in the next release to prevent some of the most common mistakes when enabling remote origins. But in the meantime - all aspects of the extension are documented here.

Let me know if it makes sense.

simov avatar Aug 01 '18 08:08 simov