nextcloud
diff --git a/‎lib/public/AppFramework/Http/ContentSecurityPolicy.php‎
Lines changed: 1 addition & 0 deletions b/‎lib/public/AppFramework/Http/ContentSecurityPolicy.php‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎tests/lib/AppFramework/Controller/ControllerTest.php‎
Lines changed: 1 addition & 1 deletion b/‎tests/lib/AppFramework/Controller/ControllerTest.php‎
Lines changed: 1 addition & 1 deletion
@@ -80,6 +80,7 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
 	/** @var array Domains from which fonts can be loaded */
 	protected $allowedFontDomains = [
 		'\'self\'',
+		'data:',
 	];
 	/** @var array Domains from which web-workers and nested browsing content can load elements */
 	protected $allowedChildSrcDomains = [];
 
@@ -116,7 +116,7 @@ public function testFormatDataResponseJSON() {
 			'test' => 'something',
 			'Cache-Control' => 'no-cache, no-store, must-revalidate',
 			'Content-Type' => 'application/json; charset=utf-8',
-			'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self'",
+			'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self'",
 		];
 
 		$response = $this->controller->customDataResponse(array('hi'));