First time poster - I’ve encountered a really weird behaviour that I think might be a bug.
If I have an HTTP response transform rule (for content-security-policy) enabled my self-hosted fonts are loading, but not rendering. Even innocuous transformations that shouldn’t impact fonts.
Scenario 1
- Single transform rule with the following config: Set static — Content-Security-Policy — frame-ancestors ‘none’;
- Purge Everything in the Cache Config page
- ctrl+f5 to reload my site’s home page on any browser
- In dev tools > Networks, check that the content-security-policy is included in the home page response (can take a minute or so - if not, rerun ctrl+f5 on previous step)
- Observe font
RESULT: The custom fonts load and render correctly
Scenario 2
- Single transform rule with the following config: Set static — Content-Security-Policy — frame-ancestors ‘none’; default-src ‘self’; <<i.e. one extra value added on compared to previous
- As before, urge Everything in the Cache Config page
- As before ctrl+f5 to reload my site’s home page on any browser
- As before in dev tools > Networks, check that the content-security-policy is included in the home page response (can take a minute or so - if not, rerun ctrl+f5 on previous step)
- Observe font
EXPECTED RESULT: The custom fonts load and render correctly
ACTUAL RESULT: The fonts load (I can see they have successfully loaded in Sources) but they don’t render.
This screenshot is Edge. I can see the fonts have loaded successfully from Self. I can also see that a base64 image has been blocked by CSP - which is expected as I haven’t enabled data: for img-src. So the font isn’t being blocked from loading by the CSP (it’s black, not red), but something is stopping the custom font rendering.
My fonts are definitely self hosted!