Index: openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl,v
diff -u -N -r1.3.2.12 -r1.3.2.13
--- openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl	14 Sep 2016 09:16:40 -0000	1.3.2.12
+++ openacs-4/packages/xowiki/tcl/bootstrap-procs.tcl	14 Sep 2016 09:24:46 -0000	1.3.2.13
@@ -35,12 +35,13 @@
     set css [parameter::get_global_value -package_key xowiki -parameter BootstrapCSS] 
     set js  [parameter::get_global_value -package_key xowiki -parameter BootstrapJS]
     #
-    # TODO: We should dynamically be able to determine the
-    # directives. However, for the time being, the urls below are
+    # TODO: We should dynamically be able to determine (some of) the
+    # CSP directives. However, for the time being, the urls below are
     # trusted.
     #
     security::csp::require script-src maxcdn.bootstrapcdn.com
     security::csp::require style-src maxcdn.bootstrapcdn.com
+    security::csp::require font-src maxcdn.bootstrapcdn.com
     
     foreach url $css {::xo::Page requireCSS $url}
     foreach url $js  {::xo::Page requireJS  $url}