CSP policy is blocking web-fonts on the starter kit.
I have tried with .htaccess .
Header always set Content-Security-Policy "default-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self' https://bandicoot-merx.local;"
I have tried , With bnomei plugin in config.php
'bnomei.securityheaders.headers' => [
"X-Powered-By" => "", // unset
"X-XSS-Protection" => "1; mode=block",
"X-Content-Type-Options" => "nosniff",
"Referrer-Policy" => "no-referrer-when-downgrade",
"Permissions-Policy" => 'interest-cohort=()',
"Content-Security-Policy" => "default-src 'self', font-src * 'self'",
],
I have tried Header meta tag.
Nothing seems to budge this CSP. Is there something in Kirby or MERX starter KIt?