In Germany a recent court ruling has decreed that Google Fonts violate applicable privacy laws and can’t be loaded without the user’s consent. Unfortunately, there really isn’t a way to do this via cookie tools. So most website operators are resorting to installing the required fonts locally.
This works for the most part, unfortunately certain plugins load Google Fonts after the fact. So I’m looking for a way to prevent my sites from making any connection to fonts dot gstatic dot com and fonts dot googleapis dot com at all via Cloudflare. Is there a way to create a firewall rule or worker script that does this?
That shows yet again how less our judicative system knows about those things they set up rules for …
That is the point the German judges did not understand. Your website does not make any connection/call! It just contains links which the client calls.
But anyway, what you want to achieve is possible with CSP. Feel free to modify/edit this little CSP snippet to match your requirements:
content-security-policy: font-src 'self';
This should prevent any font that would have been loaded from any domain other than yours.
Thanks for your speedy reply, although I should have been a bit more specific, however.
What I’m looking for is a general way to prevent sites from accessing certain URLs; in this specific case it relates to Google Fonts, but I’m looking for a general way to prevent any connection being made to any random URL via Cloudflare.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.