CD
Cloudflare Developers8mo ago
Bryce Wray

CSP issues with CF Fonts and CF Workers (execution order)

In my CF Pages site repo, I use a CF Worker (through functions/middleware.js) for, among other things, providing a Content Security Policy. One part of that CSP requires using a nonce to allow style statements, so — also with the Worker — I inject a nonce into any style statements that I must use for whatever reason. I'm now testing Cloudflare Fonts and see that my CSP is rejecting the style statements CF Fonts sets up because that nonce isn't getting injected, presumably because the CF Fonts stuff happens after the Worker runs. Am I correct in assuming that this order can't be changed? And, if that's the case, is my only option to add unsafe-inline and be done with it? (Also posted this on the Discourse. If I get an answer on either source, will indicate that and close each accordingly.)
0 Replies
No replies yetBe the first to reply to this messageJoin
Want results from more Discord servers?
Add your server
More Posts
or is there a better way Opening anor is there a better way? Opening an issue on the wrangler github?MIME issueHello everyone, I am facing issue after proxying a route checkoutv2 on cloudflare. The application i