I have an extension which works fine in Chrome, and which works in Safari except that it refuses to load the fonts embedded in the extension.
In desktop Safari, it issues the message:
Refused to load chrome-extension://[id of extension here]/assets/font/DM-Sans-500.woff2 because it appears in neither the font-src directive nor the default-src directive of the Content Security Policy.
I added the following content security policy to my (v3) manifest:
"content_security_policy": {
"extension_pages": "font-src 'self' chrome-extension:"
}
But that doesn't fix the problem. On iOS, there's a less informative message about the font not loading; otherwise, I get the same result.
Is my content security policy wrong, or is another CSP somehow being applied? FWIW, an earlier version of the same extension (with changes only in the JavaScript) was working on Safari desktop. I'm not aware of Safari getting upgraded so I don't know what could have changed.
UPDATE: when I tried to use the above content_security_policy in Chrome (not Safari), it wouldn't load: it said that the reference to chrome-extension: was insecure