Content Security Policy (CSP) Issues - 3rd Party styles-src failing (google fonts)

After implementing Cloudflare and activating on our test site, it causes a lot ofd style-src errors with our CSP. See screenshot of error below. We added https://fonts.googleapis.com to our CSP, so I’m not sure what the issue is. When we bypass Cloudflare, everything works normally.

image

Here is our CSP:
Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com; script-src 'self' data: https://www.google-analytics.com https://checkout.stripe.com https://js.stripe.com/v3/; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https: wss:; object-src 'none'; font-src 'self' data: https: blob:;"

This topic was automatically closed after 30 days. New replies are no longer allowed.