We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

google font api issue

varshat41687780
Kilo Contributor

4 weeks ago

In my service portal I am facing this issue. beacuse of this fonts are not one which I have selected and icons are also not getting loaded.
 
 
js_includes_sp_libs.…ST_2025&c=34_843:17 Loading the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap' violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' *.service-now.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback. The action has been blocked.
js_includes_sp_libs.…ST_2025&c=34_843:18 Loading the script 'https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js?_=1770805461664' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.service-now.com js-cdn.dynatrace.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.

js_includes_sp_libs.…ST_2025&c=34_843:17 Loading the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap' violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' *.service-now.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback. The action has been blocked.
0 Helpfuls
  • 332 Views
2 REPLIES 2

Matthew_13
Mega Sage

4 weeks ago

Hi Buddy,

Yep — this is CSP doing its job, not a Service Portal font bug from experience

Your browser is blocking anything loaded from Google Fonts and Googles CDN because your instance CSP only allows resources from self / *.service-now.com and a couple other approved domains. Since those external URLs aren’t on the allow-list, the font stylesheet and the jQuery script get blocked — so your portal falls back to default fonts and your icon library wont load either.

What i say you do is:

  • Best practice: stop pulling fonts/scripts from the public internet and host them in ServiceNow UI Resources / theme assets / attachments) and reference them from your instance domain.

  • If security approves: update your CSP to allow:

    • fonts.googleapis.com and fonts.gstatic.com for Google Fonts

    • ajax.googleapis.com for that jQuery include

  • Also almost forgot you usually dont need to load jQuery from Google at all — ServiceNow already includes it in most portal contexts.

So the fix is either host locally recommended or get CSP updated to allow those external domains.

 

@varshat41687780 - If help you answer; Please mark Solution Accepted and Thumbs Up

MJG
0 Helpfuls

Matthew_13
Mega Sage

4 weeks ago - last edited 3 weeks ago

Hello Buddy,

I hope solution help you answer. Thanks kindly

MJG
0 Helpfuls