You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are using clarity on our site that enforces a strict Content Security Policy (CSP).
We have added the *.clarity.ms domain to all the relevant directives (connect, script, font, image).
We continue to get a large amount of csp violations arising from Clarity, sometimes several hundred per session.
Example violation:
font-src: csp_violation: 'data' blocked by 'font-src' directive
font-src: 'data' blocked by 'font-src' directive of the policy ...
at <anonymous> @ https://www.clarity.ms/s/0.7.49/clarity.js:2:19579
This looks like it is trying to load fonts using data, which is not outlined in the Clarity CSP docs. I'm hesitant to add 'data' to our CSP, as this could present some security risk, albeit a small one. At the least, I believe the docs should mention if this is a requirement.
Do you know why these violations would be occurring, in such high number? Do you have any advice on how to make it go away?
The text was updated successfully, but these errors were encountered:
Hello,
We are using clarity on our site that enforces a strict Content Security Policy (CSP).
We have added the
*.clarity.msdomain to all the relevant directives (connect, script, font, image).We continue to get a large amount of csp violations arising from Clarity, sometimes several hundred per session.
Example violation:
This looks like it is trying to load fonts using data, which is not outlined in the Clarity CSP docs. I'm hesitant to add 'data' to our CSP, as this could present some security risk, albeit a small one. At the least, I believe the docs should mention if this is a requirement.
Do you know why these violations would be occurring, in such high number? Do you have any advice on how to make it go away?
The text was updated successfully, but these errors were encountered: