janeczku / calibre-web

:books: Web app for browsing, reading and downloading eBooks stored in a Calibre database
GNU General Public License v3.0

Content Security Policy doesn't contain font-src blob: #3005

Open lyonzy opened 4 months ago

lyonzy commented 4 months ago

Describe the bug/problem

I have epubs that use fonts from blobs, and the text didn't show (and there were console errors) when it loaded. I fixed it by changing the CSP to allow blob: for fonts (font-src 'self' data: blob:). Happy to provide repro instructions and screenshots but hopefully this is a quick one and doesn't need them.

Environment (please complete the following information):

LinuxServer container on Kubernetes.

Additional context

Here's the Traefik Middleware I used as a workaround:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: csp-middleware
  namespace: calibre-web
spec:
  headers:
    contentSecurityPolicy: "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' data: blob:; img-src 'self' data: blob: https://*; style-src-elem 'self' blob: 'unsafe-inline';"
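
The check below is an added example, not part of the issue and not calibre-web code: it evaluates whether a Content-Security-Policy value lets a font load from a `blob:` URL, applying the `font-src` to `default-src` fallback. The function names and the `CONSTRUCTED_STRICT` policy are assumptions made for illustration; `ISSUE_WORKAROUND` is the policy from the Middleware above.

```python
# Added example, not calibre-web code: does a CSP let fonts load from blob: URLs?

def parse_csp(policy: str) -> dict[str, list[str]]:
    """Split a policy into {directive: [source expressions]}."""
    directives: dict[str, list[str]] = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def font_scheme_allowed(policy: str, scheme: str = "blob"):
    """Return (allowed, deciding_directive) for a font URL with this scheme."""
    directives = parse_csp(policy)
    wanted = scheme.lower() + ":"
    # font-src falls back to default-src; with neither, fonts are unrestricted.
    for name in ("font-src", "default-src"):
        if name in directives:
            # Only an explicit scheme-source such as blob: matches here;
            # 'self', host sources and * do not cover blob: or data: URLs.
            return any(s.lower() == wanted for s in directives[name]), name
    return True, None


# Constructed policy for illustration (not calibre-web's actual header):
# blob: in default-src does not help once font-src is present.
CONSTRUCTED_STRICT = "default-src 'self' blob:; font-src 'self' data:"

# The policy from the Traefik Middleware posted in the issue.
ISSUE_WORKAROUND = (
    "default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; "
    "font-src 'self' data: blob:; "
    "img-src 'self' data: blob: https://*; "
    "style-src-elem 'self' blob: 'unsafe-inline';"
)

if __name__ == "__main__":
    for label, policy in (("constructed", CONSTRUCTED_STRICT),
                          ("issue workaround", ISSUE_WORKAROUND)):
        print(label, font_scheme_allowed(policy))
```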

OzzieIsaacs commented 4 months ago

The newest nightly version should cover this use case now.

aniude commented 1 week ago

I resolved it by just modifying web.py, following #3005. Thanks.