nhcarrigan/library
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests 54 Actions Releases 3 Activity

fix: load Google Fonts correctly with strict CSP #77

Merged
naomi merged 1 commits from chore/font into main 2026-03-05 10:32:20 -08:00
Conversation 0 Commits 1 Files Changed 4
+32 -3
hikari commented 2026-03-05 10:29:04 -08:00
Owner
Copy Link
Copy Source

Summary

  • Allows fonts.googleapis.com in style-src and fonts.gstatic.com in font-src so the browser can load Google Fonts
  • Adds preconnect hints and the Google Fonts import (Griffy, Kalam, Creepster, Henny Penny) to index.html
  • Sets the body font to Kalam and heading font to Griffy, with utility classes for Creepster and Henny Penny
  • Disables Angular's inlineCritical optimisation, which was causing the stylesheet to be deferred via onload="this.media='all'" — an inline event handler blocked by the strict script-src CSP, preventing the heading font rules from ever applying to screen media

Test plan

  • Rebuild and reload the app
  • Verify headings render in Griffy
  • Verify body text renders in Kalam
  • Check DevTools Styles tab confirms the h1-h6 font-family rule is matched

This PR was created with help from Hikari~ 🌸

## Summary - Allows `fonts.googleapis.com` in `style-src` and `fonts.gstatic.com` in `font-src` so the browser can load Google Fonts - Adds preconnect hints and the Google Fonts import (Griffy, Kalam, Creepster, Henny Penny) to `index.html` - Sets the body font to Kalam and heading font to Griffy, with utility classes for Creepster and Henny Penny - Disables Angular's `inlineCritical` optimisation, which was causing the stylesheet to be deferred via `onload="this.media='all'"` — an inline event handler blocked by the strict `script-src` CSP, preventing the heading font rules from ever applying to screen media ## Test plan - [ ] Rebuild and reload the app - [ ] Verify headings render in Griffy - [ ] Verify body text renders in Kalam - [ ] Check DevTools Styles tab confirms the `h1-h6` font-family rule is matched ✨ This PR was created with help from Hikari~ 🌸
hikari added 1 commit 2026-03-05 10:29:04 -08:00
fix: load Google Fonts correctly with strict CSP
Node.js CI / CI (pull_request) Successful in 1m37s
Details
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m41s
Details
3b3ac3d1ef 
- Allow fonts.googleapis.com in style-src and fonts.gstatic.com in font-src
- Add Google Fonts preconnect links and import (Griffy, Kalam, Creepster, Henny Penny)
- Set body font to Kalam and heading font to Griffy
- Disable Angular inlineCritical optimisation to prevent deferred CSS loading via onload attribute, which was blocked by the strict script-src CSP
naomi merged commit 7d8c6bf21c into main 2026-03-05 10:32:20 -08:00
naomi deleted branch chore/font 2026-03-05 10:32:20 -08:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
aspect
code
Concerns the software code in the repository
aspect
dx
Concerns developers' experience with the codebase
aspect
interface
Concerns end-users' experience with the software
aspect
text
Concerns the documentation material in the repository
contribute
good first issue
A great opportunity for a team member to learn a new codebase
contribute
help wanted
Open for anyone on our team to grab.
contribute
staff only
Restricted to our executive leadership.
goal
addition
Addition of new feature
goal
fix
Bug fix
goal
improvement
Improvement to an existing feature
points
1
Very simple issue requiring minimal effort and complexity.
points
13
Extremely complex issue representing major undertakings. Should be broken down into smaller pieces.
points
2
Simple issue that requires a bit more thought or investigation.
points
3
Moderate complexity issue requiring more substantial work.
points
5
Complex issue requiring significant effort and expertise.
points
8
Very complex issue requiring extensive work and deep expertise.
priority
critical
1
Must be fixed ASAP
priority
high
2
Stalls work on the project or its dependents
priority
low
4
Low priority and doesn't need to be rushed
priority
medium
3
Not blocking but should be fixed soon
priority
none
5
No priority, should only be performed when a developer is available
status
awaiting triage
Has not been triaged & therefore, not ready for work
status
blocked
Blocked and therefore not ready for work
status
discarded
Will not be worked on
status
discontinued
Not suitable for work as repo is in maintenance
status
label work required
Needs proper labelling before it can be worked on
status
ready for dev
Ready for work
status
ticket work required
Needs more details before it can be worked on
talk
discussion
Open for discussions and feedback
talk
question
Can be resolved with an answer
time
1 day
Approximately one full day of development work.
time
1-2 weeks
One to two weeks of focused development effort.
time
2-3 days
Two to three days of development effort.
time
4-5 days
Approximately one week of development work.
time
<1 day
Less than one day of focused work. Quick fixes or simple tasks.
time
>2 weeks
More than two weeks of development work. Must be broken down into smaller pieces.
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
gurkirat hanna (Hanna Rose) hikari (Hikari) minori (Minori) naomi (Naomi Carrigan) rain teklu tim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: nhcarrigan/library#77
Delete Branch "chore/font"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?