Storyline 360: CST - font src violation of CSP

May 07, 2021

As of last week (April 20 2021), any story.html or story_html5.html content displays like the first image below.  Content that was on the server and displayed before just fine and new content like the image here. Rise content is fine.  The second image is the error that displays.

If you can see it, it says that there is a violation of the content security policy directive for font-src.  Now, I checked the meta tag that is generated automatically and it is :

According to stack overflow and w3schools, this could be the problem:

According to this Stack Overflow article AND W3schools, shouldn’t it be:

We have verified the MIME Type of .woff is on the server.  Our IT folks can't find any setting that has changed or policy that has changed.  Your Support folks say its not Storyline. I am stuck between a rock and a hard place with content that will not display correctly.

I am soon facing the choice of removing all storyline content that is web published. It publishes just fine in the LMS and for you all when you tested it.  

Anyone that can figure it out, I would be very grateful.  Denise


4 Replies
Lauren Connelly

Hi Denise!

I'm sorry you're running into this issue with fonts! I see that my teammate, Lianne, is working with you in a support case! You're in great hands.

It looks like Lianne has replied to your last message. We'll continue the conversation in your case so that we have all the information in one spot. 

Jose Tansengco

Hello Vernon, 

Happy to help!

I took a look at Denise's case and it looks like the issue was isolated to the use of custom fonts in the course. As a troubleshooting step, please try replacing the fonts in your course with a standard font like Arial to see if this helps. You can use Storyline 360's Replace Fonts feature to quickly switch between fonts.

If using Arial allows the course to display properly, try reinstalling the affected fonts or downloading them from a different source. If the issue persists, open a case with our support team here so we can take a closer look at what's happening.

Jürgen Schoenemeyer

storyline loads the fonts not in woff files (the normal methode)

storyline loads the fonts embeded in the css file "html5/data/css/output.min.css"

the font are loaded via a base64 codes data url (the method is NOT common)
and can be affected with a  Content Security Policy

this seems to be happed here

this is a problem of the the web server configuration, perhaps a browser incompatiblity

=> reinstall or change the font will not solve the problem