Ask HN: Why can't I apply custom fonts to HN?

4 pointsby -__-14 days ago1 comment

efortis14 days ago
Since this works
```
  const style = document.createElement('style')
  style.textContent = `* { font-family: Arial }`
  document.head.appendChild(style)
```
I'd say the `data:` URL of the font is violating the Content-Security-Policy, which should show an error in the Console.
Their CSP has `default-src 'self'` and has no font-src, so font-src is 'self' too (it would need `data:` as well)
- lupire14 days ago
  A custom browser can set its own CSP, right?
  - bangaladore14 days ago
    CSP is inherently a client-side browser security feature, so yes.