From f29797925336a4439e21a6de335b14853288db37 Mon Sep 17 00:00:00 2001
From: Catherine Deskur <46695336+chdeskur@users.noreply.github.com>
Date: Thu, 1 Aug 2024 12:05:06 -0400
Subject: [PATCH] (fix): include data and urls (#1234)

---
 packages/ui/docs-bundle/next.config.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/ui/docs-bundle/next.config.js b/packages/ui/docs-bundle/next.config.js
index ad25253e97..68e2197e93 100644
--- a/packages/ui/docs-bundle/next.config.js
+++ b/packages/ui/docs-bundle/next.config.js
@@ -78,6 +78,8 @@ const nextConfig = {
 
         const styleSrc = ["'self'", "'unsafe-inline'"];
 
+        const fontSrc = ["'self'", "data:", ...DOCS_FILES_URLS];
+
         if (cdnUri != null) {
             scriptSrc.push(`${cdnUri.origin}`);
             connectSrc.push(`${cdnUri.origin}`);
@@ -102,7 +104,7 @@ const nextConfig = {
             "base-uri 'self'",
             "form-action 'self'",
             "frame-ancestors 'none'",
-            "font-src 'self' data:",
+            `font-src ${fontSrc.join(" ")}`,
             // "upgrade-insecure-requests", <-- this is ignored because Report-Only mode is enabled
         ];