We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

google font api issue

varshat41687780
Kilo Contributor
In my service portal I am facing this issue. beacuse of this fonts are not one which I have selected and icons are also not getting loaded.
 
 
js_includes_sp_libs.…ST_2025&c=34_843:17 Loading the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap' violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' *.service-now.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback. The action has been blocked.
js_includes_sp_libs.…ST_2025&c=34_843:18 Loading the script 'https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js?_=1770805461664' violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.service-now.com js-cdn.dynatrace.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. The action has been blocked.

js_includes_sp_libs.…ST_2025&c=34_843:17 Loading the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap' violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' *.service-now.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback. The action has been blocked.
2 REPLIES 2

Matthew_13
Mega Sage

Hi Buddy,

Yep — this is CSP doing its job, not a Service Portal font bug from experience

Your browser is blocking anything loaded from Google Fonts and Googles CDN because your instance CSP only allows resources from self / *.service-now.com and a couple other approved domains. Since those external URLs aren’t on the allow-list, the font stylesheet and the jQuery script get blocked — so your portal falls back to default fonts and your icon library wont load either.

What i say you do is:

  • Best practice: stop pulling fonts/scripts from the public internet and host them in ServiceNow UI Resources / theme assets / attachments) and reference them from your instance domain.

  • If security approves: update your CSP to allow:

    • fonts.googleapis.com and fonts.gstatic.com for Google Fonts

    • ajax.googleapis.com for that jQuery include

  • Also almost forgot you usually dont need to load jQuery from Google at all — ServiceNow already includes it in most portal contexts.

So the fix is either host locally recommended or get CSP updated to allow those external domains.

 

@varshat41687780 - If help you answer; Please mark Solution Accepted and Thumbs Up

MJG

Matthew_13
Mega Sage

Hello Buddy,

I hope solution help you answer. Thanks kindly

MJG