hoaproject / Central

Hoa is a modular, extensible, and structured set of PHP libraries.
https://hoa-project.net/

Badges font are broken #24

Closed Hywan closed 8 years ago

Hywan commented 9 years ago

Hello,

Check https://camo.githubusercontent.com/694468544412beab895d5d982f31ff711a7ecf12/687474703a2f2f63656e7472616c2e686f612d70726f6a6563742e6e65742f53746174652f54657374 vs. http://central.hoa-project.net/State/Test. Same code but on githubusercontent.com the @font-face is broken on Firefox:

downloadable font: download not allowed (font-family: "Text" style:normal weight:normal stretch:normal src index:1): content blocked source: http://static.hoa-project.net/Font/DroidSansMono.woff

Our nginx configuration is:

add_header Access-Control-Allow-Origin *;
add_header Cache-Control public;

Do you have the same issue @hoaproject/hoackers?

Pierozi commented 9 years ago

@Hywan Hmm, unluckily you can't deal with it; it's a security measure from the GitHub web server. The problem is not related to allow-origin but to Content Security Policy.

Look at the server Header Request:

content-security-policy : default-src 'none'; img-src data:; style-src 'unsafe-inline'
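
Added example, not part of the original thread: a simplified CSP source-list check in JavaScript, run against the policy and font URL quoted above, showing that the absent `font-src` falls back to `default-src 'none'`. The function names are hypothetical, and `'self'`, nonce and hash sources are not modelled.

```javascript
// Added example: simplified CSP matching, not a full CSP Level 3 implementation.
// POLICY and FONT_URL are the values quoted in this thread.
const POLICY = "default-src 'none'; img-src data:; style-src 'unsafe-inline'";
const FONT_URL = "http://static.hoa-project.net/Font/DroidSansMono.woff";

// Parse "name src src; name src" into a Map of directive -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Does one source expression match the URL? Handles *, scheme-sources
// (data:, https:) and host-sources with optional scheme and "*." wildcard.
function sourceMatches(source, url) {
  const s = source.toLowerCase();
  if (s.startsWith("'")) return false; // 'none' and other keywords match no URL here
  if (s === "*") return ["http:", "https:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  if (m[1] && url.protocol !== m[1] + ":") return false;
  return m[2] ? url.hostname.endsWith("." + m[3]) : url.hostname === m[3];
}

// Fetch directives such as font-src fall back to default-src when absent.
function isAllowed(header, directive, rawUrl) {
  const policy = parsePolicy(header);
  const sources = policy.get(directive) ?? policy.get("default-src");
  if (sources === undefined) return { allowed: true, decidedBy: null };
  const decidedBy = policy.has(directive) ? directive : "default-src";
  const url = new URL(rawUrl);
  return { allowed: sources.some((s) => sourceMatches(s, url)), decidedBy };
}

// The font request is refused by the embedding document's policy before it is
// sent, so the Access-Control-Allow-Origin response header is never consulted.
console.log(isAllowed(POLICY, "font-src", FONT_URL));
```
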

Pierozi commented 9 years ago

@Hywan But if you host the font on the same host as githubusercontent.com, that will work.

Hywan commented 9 years ago

@Pierozi So we should publish our static files on Github too? All we would have to do is to declare another remote to Bhoat and he will do the work for us. However, I am not sure that githubusercontent.com URLs are “canonical”, i.e. they will not change. Any information?

Pierozi commented 9 years ago

I don't know, but we should try. It's our only option actually.

Hywan commented 9 years ago

@Pierozi Or we can rely on fonts installed on the system instead of using a @font-face?

Pierozi commented 8 years ago

Now we serve static files as HTTPS, the GitHub security policy lets us load the badge. @Hywan @vonglasow This issue can be closed.

Hywan commented 8 years ago

:+1: