Content Security Policy error (using Merx Starterkit)


I’m trying to customize the Merx Starterkit and use Webfonts via @font-face.
But now I’m getting the following error:

Content Security Policy: The page's settings blocked the loading of a resource at http://merx.test/assets/fonts/Waldenburg-Mager.ttf ("default-src").

Never had this problem before, so I’m a little stuck right now. The fonts are stored in the folder ‘assets/fonts’ and are linked correctly.

In the config file, you will find a route:after hook that sets CSP header, you would have to adapt those for fonts