Fix font-src CSP (#1198)

Author: wwwillchen

mesop/server/static_file_serving.py

@@ -229,7 +229,7 @@ def add_security_headers(response: Response):
     csp = OrderedDict(
       {
         "default-src": "'self'",
-        "font-src": "fonts.gstatic.com data:",
+        "font-src": "'self' fonts.gstatic.com data:",
         # Mesop app developers should be able to iframe other sites.
         "frame-src": "*",
         # Mesop app developers should be able to load images and media from various origins.

mesop/tests/e2e/snapshots/web_security_test.ts_csp-allowed-iframe-parents.txt

@@ -1,5 +1,5 @@
 default-src 'self'
-font-src fonts.gstatic.com data:
+font-src 'self' fonts.gstatic.com data:
 frame-src *
 img-src 'self' data: https: http: blob:
 media-src 'self' data: https: blob:

mesop/tests/e2e/snapshots/web_security_test.ts_csp-escaping.txt

@@ -1,5 +1,5 @@
 default-src 'self'
-font-src fonts.gstatic.com data:
+font-src 'self' fonts.gstatic.com data:
 frame-src *
 img-src 'self' data: https: http: blob:
 media-src 'self' data: https: blob:

mesop/tests/e2e/snapshots/web_security_test.ts_csp-trusted-types.txt

@@ -1,5 +1,5 @@
 default-src 'self'
-font-src fonts.gstatic.com data:
+font-src 'self' fonts.gstatic.com data:
 frame-src *
 img-src 'self' data: https: http: blob:
 media-src 'self' data: https: blob:

mesop/tests/e2e/snapshots/web_security_test.ts_csp.txt

@@ -1,5 +1,5 @@
 default-src 'self'
-font-src fonts.gstatic.com data:
+font-src 'self' fonts.gstatic.com data:
 frame-src *
 img-src 'self' data: https: http: blob:
 media-src 'self' data: https: blob: