Font swiper-icons violates Content Security Policy #4990
Description
Clear and concise description of the problem
Following on from issue #4918, it would be nice if the icon fonts could generally be removed or exchanged for a more practicable solution.
Our project also has the problem that the CSP rules prevent the font from being loaded. Loading is only allowed if we would add font-src: data as an additional rule, which means that the rules are being softened. This is insecure; an attacker could also inject arbitrary data: URIs.
The approach of hosting the fonts locally (as described here) would be practicable but without modifying the swiper-bundle.css or even the minified version.
Suggested solution
I don't have a solution in mind of how to solve this problem, but it would be more workable if we could configure the font to use.
Alternative
No response
Additional context
No response
Validations
- Follow our Code of Conduct
- Read the docs.
- Check that there isn't already an issue that request the same feature to avoid creating a duplicate.
Would you like to open a PR for this feature?
- I'm willing to open a PR