CSP report log in the console

[iranimij]

Hello
I get the following error on the home page of a Magento 2 store

[Report Only] Refused to load the font 'data:application/font-woff;charset=utf-8;base64, d09GRgABAAAAAAZgABAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAAGRAAAABoAAAAci6qHkUdERUYAAAWgAAAAIwAAACQAYABXR1BPUwAABhQAAAAuAAAANuAY7+xHU1VCAAAFxAAAAFAAAABm2fPczU9TLzIAAAHcAAAASgAAAGBP9V5RY21hcAAAAkQAAACIAAABYt6F0cBjdnQgAAACzAAAAAQAAAAEABEBRGdhc3AAAAWYAAAACAAAAAj//wADZ2x5ZgAAAywAAADMAAAD2MHtryVoZWFkAAABbAAAADAAAAA2E2+eoWhoZWEAAAGcAAAAHwAAACQC9gDzaG10eAAAAigAAAAZAAAArgJkABFsb2NhAAAC0AAAAFoAAABaFQAUGG1heHAAAAG8AAAAHwAAACAAcABAbmFtZQAAA/gAAAE5AAACXvFdBwlwb3...OnYercZg2YVmLN/d/gczfEimrE/fs/bOuq29Zmn8tloORaXgZgGa78yO9/cnXm2BpaGvq25Dv9S4E9+5SIc9PqupJKhYFSSl47+Qcr1mYNAAAAeNptw0cKwkAAAMDZJA8Q7OUJvkLsPfZ6zFVERPy8qHh2YER+3i/BP83vIBLLySsoKimrqKqpa2hp6+jq6RsYGhmbmJqZSy0sraxtbO3sHRydnEMU4uR6yx7JJXveP7WrDycAAAAAAAH//wACeNpjYGRgYOABYhkgZgJCZgZNBkYGLQZtIJsFLMYAAAw3ALgAeNolizEKgDAQBCchRbC2sFER0YD6qVQiBCv/H9ezGI6Z5XBAw8CBK/m5iQQVauVbXLnOrMZv2oLdKFa8Pjuru2hJzGabmOSLzNMzvutpB3N42mNgZGBg4GKQYzBhYMxJLMlj4GBgAYow/P/PAJJhLM6sSoWKfWCAAwDAjgbRAAB42mNgYGBkAIIbCZo5IPrmUn0hGA0AO8EFTQAA' because it violates the following Content Security Policy directive: "default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.bootstrapcdn.com *.cdn-apple.com chimpstatic.com *.cloudflare.com *.cookiebot.com *.doubleclick.net *.etrusted.com *.facebook.com *.facebook.net *.friendlycaptcha.eu *.googleapis.com www.google.at www.google.ch www.google.com.ua www.google.co.nz www.google.de www.google.dk www.google.es www.google.lu www.google.rs *.google.com *.googletagmanager.com *.gstatic.com *.lyra.com *.notolytix.com *.paypalobjects.com *.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

[amenk]

Do you know where this font tag is generated?

[iranimij]

I think this is coming from IMI_FriendlyCaptcha::imi_friendly_captcha_newsletter.phtml file. there are even more csp errors, the source of the others is friendly-challenge/widget.module.min.js.

new Worker(d.createObjectURL(t)),

other errors text :
'Refused to create a worker from 'blob:...'