Tags: html, content-security-policy, brave, brave-browser

Brave: On <!DOCTYPE html>, Refused to load the font 'data:application/font-woff…' because it violates the following Content Security Policy directive…


The website works fine on all other browsers I've tested it on. On the Brave browser, an error occurs for line 1 of my index.html file (which is <!DOCTYPE html>):

Refused to load the font 'data:application/font-woff...' because it violates the following Content Security Policy directive: "default-src 'self' *.favicon.cc *.google.com *.gstatic.com *.googleapis.com". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.

Line 6 of my index.html is this: <meta http-equiv="Content-Security-Policy" content="font-src 'self' data:; default-src 'self' data: blob: 'unsafe-inline';">.

For some reason, this error only occurs on this .co domain, but when I host the same HTML file on other TLDs (I've tested: .ml, .gq, .dev) it works with no issue, using the CSP I set in the header.

Is there any way to get Brave to use the CSP I set in the file instead of the one Brave uses? I've tried using it as an actual HTTP header, no change.

Edit for additional context: The entire page breaks as if the CSP is set to "default-src 'self' *.favicon.cc *.google.com *.gstatic.com *.googleapis.com" and other page elements do not load properly.


Solution

  • It turns out it's an issue with Brave's Shields. Disabling them fixed it. I have reported my site to Brave's developers so they can try and fix the problem. As for my site, I've switched to a .com domain from the original .co domain, and it works fine now.
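
The error text and the failed header workaround in this thread match two CSP rules: a missing font-src falls back to default-src, and when several policies apply to a page a load must pass every one of them, so the page's own policy cannot loosen another. The sketch below is an added example, not code from the question or from Brave; the matcher is simplified, the origin and font URL are constructed, and it assumes the reported policy is enforced alongside the page's own.

```javascript
// Simplified CSP check: scheme sources, 'self' and *.host wildcards only.
const REPORTED_POLICY = // copied from the error message in the question
  "default-src 'self' *.favicon.cc *.google.com *.gstatic.com *.googleapis.com";
const SITE_POLICY = // copied from the meta tag in the question
  "font-src 'self' data:; default-src 'self' data: blob: 'unsafe-inline';";
const SELF_ORIGIN = "https://example.co"; // constructed origin
const FONT_URL = "data:application/font-woff;base64,AAAA"; // constructed payload

function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function effectiveSources(policy, directive) {
  if (policy.has(directive)) return { used: directive, sources: policy.get(directive) };
  if (policy.has("default-src")) return { used: "default-src", sources: policy.get("default-src") };
  return { used: null, sources: null }; // this policy does not restrict the load
}

function sourceMatches(source, url, selfOrigin) {
  const u = new URL(url);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return u.protocol === source.toLowerCase();
  // data: and blob: URLs only match an explicit scheme source, never 'self' or a host.
  if (u.protocol !== "http:" && u.protocol !== "https:") return false;
  if (source === "'self'") return u.origin === selfOrigin;
  if (source.startsWith("*.")) return u.hostname.endsWith(source.slice(1));
  return u.hostname === source;
}

// A load is allowed only if every policy in force allows it.
function checkLoad(policyTexts, directive, url, selfOrigin) {
  const blockedBy = [];
  for (const text of policyTexts) {
    const { used, sources } = effectiveSources(parsePolicy(text), directive);
    if (sources && !sources.some((s) => sourceMatches(s, url, selfOrigin))) {
      blockedBy.push({ policy: text, directive: used });
    }
  }
  return { allowed: blockedBy.length === 0, blockedBy };
}

console.log(checkLoad([SITE_POLICY, REPORTED_POLICY], "font-src", FONT_URL, SELF_ORIGIN));
```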