data: is not secure
cordoval opened this issue · 0 comments
cordoval commented
there are some instances, step, dropdowns, rating, checkbox, accordion that use data:
/* Dropdown Carets */
@font-face {
font-family: 'Dropdown';
src:
url(data:application/x-font-ttf;charset=utf-8;basAs per
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
This is unsafe, could you please replace this data: with references to specific assets inside semantic-ui folders?
Webpack currently is able to build this package semantic-ui without problems, but on production this is very unsecure use of data:
The solution is simple and just replacing this for the asset could fix it
Thanks