Content Security Policy (CSP) Issues - 3rd Party styles-src failing (google fonts)

After implementing Cloudflare and activating on our test site, it causes a lot ofd style-src errors with our CSP. See screenshot of error below. We added to our CSP, so I’m not sure what the issue is. When we bypass Cloudflare, everything works normally.

Here is our CSP:
Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self'; script-src 'self' data:; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https: wss:; object-src 'none'; font-src 'self' data: https: blob:;"

This topic was automatically closed after 30 days. New replies are no longer allowed.