Content Security Policy (CSP) Issues - 3rd Party styles-src failing (google fonts)

After implementing cloudflare and activating on our test site, it causes a lot ofd style-src errors with our CSP. See screenshot of error below. We added https://fonts.googleapis.com to our CSP, so I’m not sure what the issue is. When we bypass cloudflare, everything works normally.

Here is our CSP:
Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com; script-src 'self' data: https://www.google-analytics.com https://checkout.stripe.com https://js.stripe.com/v3/; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https: wss:; object-src 'none'; font-src 'self' data: https: blob:;"