I’m having a free theme provided by third party named FreeGo Solwin, this theme seem to load some font and js from an external site which violate the magento CSP. I’ve try add the whitelist file into folder etc of the theme but it doesnt work.
This is the violation returned by browser:
This is my csp_whitelist.xml placed in design/frontend/Solwin/freego folder:
<?xml version="1.0"?>
<csp_whitelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Csp:etc/csp_whitelist.xsd">
<policies>
<policy id="style-src">
<values>
<value id="cdnjs.cloudflare.com" type="host">cdnjs.cloudflare.com</value>
<value id="fonts.googleapis.com" type="host">fonts.googleapis.com</value>
</values>
</policy>
<policy id="font-src">
<values>
<value id="cdnjs.cloudflare.com" type="host">cdnjs.cloudflare.com</value>
<value id="fonts.gstatic.com" type="host">fonts.gstatic.com</value>
</values>
</policy>
</policies>
</csp_whitelist>
After this i just ran cache:clean but it doesnt work!