Fix CSP font-src to allow data: URIs (swiper.js base64 font) (#658)

Copilot · web-flow · commit 2107395c366b · 2026-03-20T09:58:49.000+01:00
* Fix CSP font-src to allow data: URIs for swiper.js base64 

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
diff --git a/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs b/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs
@@ -222,7 +222,7 @@ public static void UseDefaultSecurityHeaders(this WebApplication application)
                 builder.AddUpgradeInsecureRequests();
                 builder.AddDefaultSrc().Self();
                 builder.AddConnectSrc().From("*");
-                builder.AddFontSrc().From("*");
+                builder.AddFontSrc().From("*").Data();
                 builder.AddFrameAncestors().From("*");
                 builder.AddFrameSrc().From("*");
                 builder.AddMediaSrc().From("*");
