Google Fonts violates Content Security Policy
I'm trying to use Google Fonts and I've never had any problems, but now when I try to add the CSS file on my header I get this error on the console:
Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Whatever'
because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
html css http google-font-api content-security-policy
asked Nov 29 '15 at 16:13
José María
So you have to change the CSP header you send to allow that resource. If you look at the current setting you can clearly see that styles are limited to the location self which most likely does not include googleapis.com.
– arkascha
Nov 29 '15 at 16:16
I've tried modifying it using a meta tag and adding some things I've seen on the internet but I have not been able to solve this...
– José María
Nov 29 '15 at 16:17
This has nothing to do with meta tags. A CSP header is an http header, so part of the protocol, not the content. You send it, be it by purpose or accidentally. Maybe because you use some framework, but we cannot say any more without you posting more details.
– arkascha
Nov 29 '15 at 16:17
Hmmmm, I'm using Meteor JS
– José María
Nov 29 '15 at 16:20
You can easily check that header yourself if you don't believe the error message you see: just open your browser's development console and look at the headers of the basic requests done. They will contain said header. Or you use a network sniffer, comes out the same.
– arkascha
Nov 29 '15 at 16:22
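The thread above turns on one point: the browser enforces whatever policy it receives, and when that policy arrives as the Content-Security-Policy response header it is the server (or the framework sitting in front of it) that decides its contents. The following is an added example, not code from the question, from any answer, or from Meteor: it builds the header value from a structured policy, refuses weak sources such as 'unsafe-inline' unless explicitly opted in, lints the policy for the mistakes discussed on this page, and attaches the header from a plain Node (req, res) handler. The policy contents, the lint rules, the handler shape and the fake response object are assumptions made for the illustration.

```javascript
// Added example, not code from the question, the answers or Meteor: build the
// Content-Security-Policy value from a structured object and send it as an HTTP
// response header from a Node handler. The policy below, the lint rules and the
// handler shape are assumptions chosen for this illustration.

// Source expressions that widen a policy enough to need an explicit opt-in.
const WEAK_SOURCES = new Set(["'unsafe-inline'", "'unsafe-eval'", '*', 'http:', 'https:', 'data:']);

// Serialize {directive: [sources]} into the header value. Throws on weak sources
// unless allowUnsafe is set, so 'unsafe-inline' cannot ride along by accident.
function buildCsp(policy, { allowUnsafe = false } = {}) {
  const parts = [];
  for (const [directive, sources] of Object.entries(policy)) {
    if (!/^[a-z][a-z0-9-]*$/.test(directive)) throw new Error(`bad directive name: ${directive}`);
    for (const src of sources) {
      if (!allowUnsafe && WEAK_SOURCES.has(src)) {
        throw new Error(`${directive}: ${src} weakens the policy; pass allowUnsafe to keep it`);
      }
    }
    parts.push(`${directive} ${sources.join(' ')}`);
  }
  return parts.join('; ');
}

// Findings a reviewer would raise before this policy ships.
function lintCsp(policy) {
  const findings = [];
  for (const [directive, sources] of Object.entries(policy)) {
    for (const src of sources) {
      if (WEAK_SOURCES.has(src)) findings.push(`${directive}: ${src} weakens the policy`);
      // A host source without a scheme inherits the page's scheme, so it admits
      // plain http when the page itself is served over http; pin https explicitly.
      if (/^[a-z0-9*.-]+\.[a-z]+(:\d+)?(\/.*)?$/i.test(src)) {
        findings.push(`${directive}: ${src} has no scheme, prefer https://${src}`);
      }
    }
  }
  if (!policy['default-src']) {
    findings.push('no default-src: any fetch type without its own directive is unrestricted');
  }
  return findings;
}

// Wrap a Node (req, res) handler so every response carries the policy. With
// reportOnly the browser only reports violations instead of blocking, which is
// how to trial a tightened policy without breaking the site.
function withCsp(policy, handler, { reportOnly = false } = {}) {
  const value = buildCsp(policy);
  const name = reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
  return (req, res) => {
    res.setHeader(name, value); // must happen before anything is written to the body
    return handler(req, res);
  };
}

// The policy the answers below converge on, plus a default-src so nothing is left open.
const fontsPolicy = {
  'default-src': ["'self'"],
  'style-src': ["'self'", 'https://fonts.googleapis.com'],
  'font-src': ["'self'", 'https://fonts.gstatic.com'],
};

const app = withCsp(fontsPolicy, (req, res) => {
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end('<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Whatever">');
});
// To serve it for real: require('http').createServer(app).listen(8080);

// Stand-in for http.ServerResponse so the handler can be exercised without a socket.
function fakeResponse() {
  const headers = {};
  return { headers, setHeader: (k, v) => { headers[k.toLowerCase()] = v; }, end() {} };
}

const demoResponse = fakeResponse();
app({ url: '/' }, demoResponse);
console.log(demoResponse.headers['content-security-policy']);
console.log(lintCsp({ 'style-src': ["'self'", "'unsafe-inline'", 'fonts.googleapis.com'] }));
```

Once the server is up, `curl -sI http://localhost:8080/ | grep -i content-security-policy` shows the value the browser will enforce, which is the check arkascha recommends above done from the command line rather than the devtools network tab. If a framework already injects its own header, the two policies are both enforced and a request must satisfy each of them, so look for a second Content-Security-Policy line in that output before assuming the one you set is the only one.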
3 Answers
There are two things to fix here:
- Use https for the Google fonts link (https://fonts.googleapis.com/css?family=Whatever)
- Authorize https://fonts.googleapis.com in style-src directive and https://fonts.gstatic.com in font-src directive:
"style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com"
edited Feb 8 at 16:44
Yves M.
answered Jan 3 '16 at 11:28
Rolinh
what is the data: for?
– Birowsky
Sep 2 '16 at 8:55
Allows data: URIs to be used as a content source.
From developer.mozilla.org/en/docs/Web/Security/CSP/…
– James Spencer
Oct 26 '16 at 10:42
Solved my problem with google fonts!
– Jenan
Dec 5 '16 at 11:20
For others looking at this answer, don't copy over the 'unsafe-inline' as it lowers security for no good reason - it's not needed for the fonts to work. The only reason why it's there is because the OP had it in his original code. Use style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;
– Kevin Lee
Jul 16 '17 at 14:12
@KevinLee If you turn your comment into an answer, I'd upvote it.
– lilalinux
Aug 4 '18 at 10:10
If you're like me and a little confused because every answer is just saying you need to authorize a URL in a style-src directive without showing how to do it, here's the full tag:
<meta http-equiv="Content-Security-Policy" content="style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com;">
edited Jan 7 at 10:38
Yves M.
answered Nov 1 '17 at 10:26
Owen
Do the content options you left out like default-src etc lower security, or is it the same as not having a meta csp tag in the first place?
– Drenai
Mar 19 '18 at 14:44
With the unsafe-inline attribute allowed, it actually lowers security. The tag can work fine without that, as it makes your app more vulnerable to XSS attacks.
– Paul Berg
Mar 30 '18 at 9:11
removed the 'unsafe-inline'
– Owen
Apr 9 '18 at 14:38
I just used it as follows: <meta http-equiv="Content-Security-Policy" content="style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com">
– Yvonne Aburrow
Apr 9 '18 at 14:41
@Owen It's really difficult to find good info on meta tag csp's. I am not confident in resolving my font warning at the risk of making everything else less secure:-) My site is a portfolio site, and I don't want to be asked "why you do that??" in an interview:-)
– Drenai
Apr 18 '18 at 14:37
There are multiple sources that can be given for Content-Security-Policy.
Below has clear details, which worked for me.
Depending on which content (css, img, font, media) source error you have, you can change the URL in the below.
<html>
  <head>
    <meta http-equiv="Content-Security-Policy"
      content="
        default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval';
        style-src 'self' https://fonts.googleapis.com;
        font-src 'self' data: https://fonts.gstatic.com;
        img-src 'self' data: content:;
        media-src *;
      "
    />
    <title>My page title</title>
  </head>
  <body>
    some text
  </body>
</html>
Hope that helps.
edited Mar 10 at 9:00
answered Mar 9 at 8:46
Manohar Reddy Poreddy
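The three answers above give policies without showing why each request is admitted or refused, and the comment under the second answer asks what happens to fetch types the policy never mentions. The following is an added example, not code from any of the answers: a small evaluator for CSP fetch directives that applies the source-matching rules a browser uses (scheme-part match, host and wildcard-host match, port and path, 'self', scheme sources, and the fall-back from a missing directive to default-src) to the policies quoted on this page. It is a model, not a browser: nonces, hashes and 'unsafe-eval' are not about URLs and are not modelled, and 'self' is treated as strict same-origin (browsers additionally let an http page's own host be fetched over https). The page origin https://example.com, the .woff2 path and the attacker.example host are assumptions made for the demonstration.

```javascript
// Added example, not code from any of the three answers: a small evaluator for
// CSP fetch directives, enough to show why each policy on this page blocks or
// admits the Google Fonts requests. The page origin, the woff2 path and the
// attacker host are assumptions made for the demonstration.

// "style-src 'self' https://a; font-src 'self'" -> { 'style-src': [...], 'font-src': [...] }
function parsePolicy(text) {
  const policy = {};
  for (const chunk of text.split(';')) {
    const [name, ...sources] = chunk.trim().split(/\s+/).filter(Boolean);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// CSP "scheme-part match": an http source also admits https URLs (ws admits wss),
// never the other way round, which is why an https-pinned source rejects the http link.
function schemeMatches(expected, actual) {
  return expected === actual
    || (expected === 'http' && actual === 'https')
    || (expected === 'ws' && actual === 'wss');
}

const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol] || '';
const schemeOf = (u) => u.protocol.slice(0, -1);

// Does one source expression admit `url` for a document at `page`?
// Simplification: 'self' is strict same-origin here.
function sourceMatches(src, url, page) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") {
    return url.protocol === page.protocol && url.hostname === page.hostname && portOf(url) === portOf(page);
  }
  if (s.startsWith("'")) return false;                            // 'unsafe-inline', nonces, hashes: not about URLs
  if (s === '*') return /^(https?|wss?):$/.test(url.protocol);    // '*' never admits data:, blob:, ...
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeMatches(s.slice(0, -1), schemeOf(url)); // scheme-source
  // host-source: [scheme://]host[:port][/path], host may begin with "*."
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[^/:*]+)(?::(\d+|\*))?(\/.*)?$/.exec(s);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  // No scheme on the source: the document's own scheme applies, so an https page admits only https.
  if (!schemeMatches(scheme || schemeOf(page), schemeOf(url))) return false;
  if (host.startsWith('*.')) { if (!url.hostname.endsWith(host.slice(1))) return false; }
  else if (host !== '*' && url.hostname !== host) return false;
  if (port === '*') { /* any port */ }
  else if (port) { if (portOf(url) !== port) return false; }
  else if (url.port !== '') return false;                         // no port on the source: URL must use the scheme default
  if (path && (path.endsWith('/') ? !url.pathname.startsWith(path) : url.pathname !== path)) return false;
  return true;
}

// Fetch directives fall back to default-src; with neither present the browser does not restrict that type.
function isAllowed(policyText, directive, urlText, pageOrigin) {
  const policy = parsePolicy(policyText);
  const sources = policy[directive] ?? policy['default-src'];
  if (sources === undefined) return true;
  const url = new URL(urlText);
  const page = new URL(pageOrigin);
  return sources.some((src) => sourceMatches(src, url, page));
}

const PAGE = 'https://example.com'; // assumed origin of the document that carries the policy
const ORIGINAL = "style-src 'self' 'unsafe-inline'";
const ANSWER_1 = "style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com";
const ANSWER_3 = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: content:; media-src *";
const CSS_HTTP = 'http://fonts.googleapis.com/css?family=Whatever';
const CSS_HTTPS = 'https://fonts.googleapis.com/css?family=Whatever';
const WOFF2 = 'https://fonts.gstatic.com/s/whatever/v1/font.woff2'; // illustrative path, not a real file

// [label, policy, directive, url, expected verdict]
const CASES = [
  ['question: http link under the original policy', ORIGINAL, 'style-src', CSS_HTTP, false],
  ['answer 1 policy, link still http', ANSWER_1, 'style-src', CSS_HTTP, false],
  ['answer 1 policy, link switched to https', ANSWER_1, 'style-src', CSS_HTTPS, true],
  ['font file referenced by the Google CSS', ANSWER_1, 'font-src', WOFF2, true],
  ['no font-src and no default-src: unrestricted', "style-src 'self' https://fonts.googleapis.com", 'font-src', WOFF2, true],
  ["no font-src but default-src 'self': blocked", "default-src 'self'; style-src 'self' https://fonts.googleapis.com", 'font-src', WOFF2, false],
  ['answer 3: media-src * admits any host', ANSWER_3, 'media-src', 'https://attacker.example/clip.mp4', true],
  ['answer 3: data: image', ANSWER_3, 'img-src', 'data:image/png;base64,iVBORw0KGgo=', true],
];

function evaluateCases() {
  return CASES.map(([label, policy, directive, url, expected]) => {
    const allowed = isAllowed(policy, directive, url, PAGE);
    return { label, allowed, asExpected: allowed === expected };
  });
}

for (const c of evaluateCases()) console.log(`${c.allowed ? 'ALLOW' : 'BLOCK'}  ${c.label}`);
```

Two of the verdicts carry the practical lessons of this thread. The second case shows that pinning https://fonts.googleapis.com in style-src does nothing for a link that still starts with http://, which is why the first answer lists the https link as a separate fix. The fifth and sixth cases answer Drenai's question: leaving font-src out of a policy that has no default-src leaves font loading unrestricted, while adding default-src 'self' makes the same omission block the Google font files, so a default-src is what turns a font-only fix into a policy that actually constrains the page.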