Question T15225
Visible to All Users

Content security policies

created a year ago

Hello,
I noticed that there is a call to this web site : fonts.gstatic.com in V2 version of surveyjs which breaks ou app rules. I there is a way to not make this call ?
Thanks

Show previous comments (1)

    Hello Mohamed,
    For us to move forward and handle this issue, we need to get additional details. Please clarify which specific CSP rule was broken and what error you got.

    I look forward to your reply.

      Hi Jane,
      Here is the error:
      Refused to load the font 'https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2' because it violates the following Content Security Policy directive: "default-src 'self'. Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

        Hi Mohamed,
        Thank you for the update. I forwarded this information to the team. We'll update you as soon as we get any information. Please stay tuned.

        Thanks

        Answers approved by surveyjs Support

        created a year ago

        Hello Mohamed,
        I discussed this issue with the team, and we recommend importing the survey-creator-core.fontless.css and defaultV2.fontless.css CSS files into your survey creator application like this:

        JavaScript
        import "survey-core/defaultV2.fontless.css"; import "survey-creator-core/survey-creator-core.fontless.css"; //...

        View React Demo

        By using this option, your page won't load fonts from https://fonts.gstatic.com. If needed, you can also register custom fonts to be used by the Survey Creator.

        If you have any further questions, please don't hesitate to reach out. We're here to assist you.