From 9a1a6223b7173f12d9de0c93f1ef41a0868235c1 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 19:11:59 +0000
Subject: [PATCH 1/2] Initial plan


From 61921749b6eeca46f79e1705fe8e7b877295421d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 19:13:26 +0000
Subject: [PATCH 2/2] Fix CSP font-src to allow data: URIs for swiper.js base64
 fonts

Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>
---
 .../Infrastructure/ApplicationBuilderExtensions.cs              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs b/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs
index 2f4fe616d..f4ded74f3 100644
--- a/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs
+++ b/src/Web/Grand.Web.Common/Infrastructure/ApplicationBuilderExtensions.cs
@@ -222,7 +222,7 @@ public static void UseDefaultSecurityHeaders(this WebApplication application)
                 builder.AddUpgradeInsecureRequests();
                 builder.AddDefaultSrc().Self();
                 builder.AddConnectSrc().From("*");
-                builder.AddFontSrc().From("*");
+                builder.AddFontSrc().From("*").Data();
                 builder.AddFrameAncestors().From("*");
                 builder.AddFrameSrc().From("*");
                 builder.AddMediaSrc().From("*");