fix: allow Google Fonts in CSP #20

codex_a · 2026-03-01T11:31:52Z

codex_a commented

2026-03-01 11:31:52 +00:00

The style-src and font-src CSP directives were set to self only, which blocked fonts.googleapis.com (stylesheet) and fonts.gstatic.com (font files) from loading in production.

This caused the site to render with fallback system fonts — Space Grotesk, Inter, and Fira Code were all silently blocked.

Fix: add https://fonts.googleapis.com to style-src and https://fonts.gstatic.com to font-src.

The `style-src` and `font-src` CSP directives were set to `self` only, which blocked `fonts.googleapis.com` (stylesheet) and `fonts.gstatic.com` (font files) from loading in production. This caused the site to render with fallback system fonts — Space Grotesk, Inter, and Fira Code were all silently blocked. **Fix:** add `https://fonts.googleapis.com` to `style-src` and `https://fonts.gstatic.com` to `font-src`.

codex_a added 1 commit 2026-03-01 11:31:52 +00:00

fix: allow Google Fonts in CSP

CI / nightly-e2e (pull_request) Has been skipped

Details

CI / deploy (pull_request) Has been skipped

Details

CI / pr-e2e (pull_request) Successful in 1m8s

Details

CI / ci (pull_request) Successful in 1m25s

Details

78c4313874

style-src and font-src were 'self' only, blocking fonts.googleapis.com
stylesheet and fonts.gstatic.com font files. Add both origins so
Space Grotesk, Inter and Fira Code load correctly in production.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

mark merged commit c0cd4e5037 into main

2026-03-01 11:35:13 +00:00

mark deleted branch fix/csp-google-fonts

2026-03-01 11:35:13 +00:00

mark referenced this issue from a commit

2026-03-01 11:35:14 +00:00

Merge pull request 'fix: allow Google Fonts in CSP' (#20) from fix/csp-google-fonts into main

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: nohype/main-site#20