The front end UI for our privacy enhancing reverse proxy to https://fonts.googleapis.com calls out directly to https://fonts.googleapis.com when you click on a font to see the URLs to use to load it via the proxy.
Steps to reproduce:
- Browse to https://fontcdn.toolforge.org/
- Open js console/developer tools
- Click on any font card (for example Roboto)
- Watch the long stream of CSP violation warnings scroll by