How do allow fontawesome as a style-src in my Content-Security-Policy?

Telarian asked:

I’m trying to set my Content-Security-Policy header in .htaccess.

I’ve already tried a variation of the answer to this post but it doesnt work. All my fontawesome icons are broken.

Header always set Content-Security-Policy: "default-src 'self'; style-src  *.fontawesome.com"

I’ve also tried using *.use.fontawesome.com.

I’ve tried setting it with a <meta> tag in my site <head> as well but got the same result.

When using an .htaccess validator I receive the error: “Fatal: Header has too many arguments”

I’m currently receiving this error for this header in particular:

Header set Content-Security-Policy: default-src 'self'; script-src 'self' *.wpengine.com *.hotjar.com; style-src 'self' *.wpengine.com *.fontawesome.com; img-src 'self'; font-src 'self' *.fontawesome *.google.com; connect-src *; media-src *; object-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action *; upgrade-insecure-requests; block-all-mixed-content; referrer no-referrer-when-downgrade

What am I doing wrong?

My answer:


The header value must be quoted if it is meant to contain whitespace.

Your first example properly quotes the value, but your second example does not.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.