Refused to load the font '<URL>' because it violates the following Content Security Policy directive: "font-src 'none'"
I have a huge problem with this error and I can't seem to stop it from showing.
*Disclaimer: I am still a junior and I am still getting to know NextJS in detail, so pardon me if made some mistakes along with asking this question.
I am using the latest version of NextJS (at the time of asking the question) and I am deploying it to vercel
I get this error that is spammed 50 or so times
The things I tried.
1. I added a meta tag to the <Head /> element in _app.tsx that looks like this
<meta
http-equiv="Content-Security-Policy"
content="font-src * 'unsafe-inline';"
/>
(i misspelled the content property several times and it gave me an error, so I know it is working, I am using `font-src * 'unsafe-inline', because it was said, that it allowed all sources)
BUT the error persists
source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
2. I added headers to next.config.js
...
const securityHeaders = [
{
key: 'Content-Security-Policy',
value: `font-src * 'unsafe-inline';`,
},
]
module.exports = withImages({
async headers() {
return [
{
// Apply these headers to all routes in your application.
source: '/:path*',
headers: securityHeaders,
},
]
},
...
The error keeps showing. If i set this header to font-src 'self' or font-src https://js.stripe.com. I get a different error above this one, that states local font refused to load because it violates font-src https://js.stripe.com
source: https://nextjs.org/docs/advanced-features/security-headers
3. I added vercel.json
A colleague of mine suggested that this might be a vercel error, so I added this to the file
{
"routes": [
{
"src": "/(.*)",
"headers": {
"content-security-policy-report-only": "font-src * 'unsafe-inline';"
}
}
]
}
source: https://app.rapidsec.com/docs/deploying-csp
Still, the error persists
Actual question.
Should I keep up trying with these security headers, or is it a dead-end? Is it a vercel error, or a nextjs one as it happens only on the server? Or should I just try and override the class that assigns these fonts to go around this error.
P.S. when I open the link in the error, it gives me Error 404, and this is the official stripe dependency stripe: "^8.195.0
A browser extension called Ultrawidify was causing the issue. As it scans the site for videos (why, i don't know. I thought it only worked on youtube) it tries to access stripe.com as it was listed in the "Choose which site to control" list. Turning off the extension for the site did nothing, it still gave that error, but disabling it completely fixed the issue,
- Google OAuth components must be used within GoogleOAuthProvider
- Can I use pm2 to keep a Next.js app running
- js sending a 307Next.js 13 redirect with different http method
- Why is hot reloading extremely slow in my Next.js 14 project with TailwindCSS, Shadcn, and React Icons?
- Nextjs server error : "could not find the module"
- next/image does not load images from external URL after deployment
- Tailwind css classes not applying in my component, till i take it to my page.js
- use a hook inside a function
- Argument of type 'string' is not assignable to parameter of type 'Auth'
- My useState Controlled Input Checkbox keeps malfunctioningI
- react-i18next:: You will need to pass in an i18next instance by using initReactI18next
- Passing callback from server component to client component in Next.js
- "Next.js App Requires Node.js Version >= v18.17.0, but Encountering Error with Node.js 16.20.2 - How to Resolve?"
- Async await not getting response back until after refresh
- How to change scrollbar when using Tailwind (next.js/react)
- How to set a cookie in client side in NextJS 13?
- How to resolve "Task timed out after 10.01 seconds" in a Next.js application Deployed on Vercel while using a Proxy API?
- Next.js 13 - Have different shared layouts
- How to add dynamic url to canonical tag in Next.js 14.2.4
- NextRouter was not mounted Next.JS
- getToken occurs error Dynamic Code Evaluation (e. g. 'eval', 'new Function', 'WebAssembly.compile') not allowed in Edge Runtime
- How can I use ES2023 methods in TypeScript?
- How to define startup file in phusion/passenger-nodejs docker container
- Next.js Styled Components weird behaviour
- Next.js fullstack app connect to Cloud SQL PostgreSQL on Google Cloud Run
- Why doesn't CSS work when I deploy the Next.js sample project in production?
- Next.js form works locally but not on live server
- tailwind css not working on production in vercel
- Run of a next js app stuck, npm run dev doesn't work
- Next.js revalidateTag, revalidatePath does not works