Refused to load the font '<URL>' because it violates the following Content Security Policy directive

Sorry not sure if this is the place to report, but 

Github is broken because of CSP. 

1 Like

I am experiencing a similar issue

it seems that the issue is now fixed

still not fixed for me it seems =(

Are you guys in SE Asia? I am having trouble with githubassets.com too.

… and we’re back.

Hi everyone,

That seemed like a  hiccup in GitHub’s system. For me it works fine right now, and if you’re expierencing issues with the GitHub platform like this you can, after checking https://www.githubstatus.com/ , contact GitHub Support.

1 Like

It seems there’s a difference in the encryption protocols between Github.com and github.githubassets.com.

Github assets is replying with a TLSV1 whereas Gtihub.com is TLSv1.2. This seems to be causing a security issue with some proxies (our corporate one included) and will not allow anything hosted on github.githubassets.com to be loaded.

2019-01-07 10_49_38- Ethernet Connection.png

Good research! This should be logged by moderators soon, so they can internally consider updating the protocol GitHub assets uses.

1 Like

Thanks for reporting that @anphonic! I’ve sent this information to our internal teams to see what we can do about this. Thanks again!

Did you ever get this issue fixed from corporate proxies?

Hi @jakeprevatt, our team is still looking into this issue. Sorry for the delay on this.

Hi @jakeprevatt,

From the investigation we did, we haven’t discovered a case that wasn’t either a temporary hiccup in GitHub’s services or an improperly configured setting in the corporate proxies themselves. You might want to doublecheck the corporate proxy settings and if everything looks good there, contact GitHub Support directly so that we can help you troubleshoot on a case to case basis.

Thanks! 

1 Like

Still happening

@doctoriot as per @that-pat 's post above you should contact GitHub Support to troubleshoot the issue.

1 Like