From accd7c88a712de2cbab8682c0842c2f3f4745ed2 Mon Sep 17 00:00:00 2001
From: TJ Silver <thalia.silver@guardian.co.uk>
Date: Wed, 5 Mar 2025 18:38:42 +0000
Subject: [PATCH] refactor: remove external font sources and add local data

---
 conf/application.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/application.conf b/conf/application.conf
index 35f1fe23..bafe937c 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -67,7 +67,7 @@ play {
 
   filters {
     hosts.allowed = [ "." ]  # allow all hosts because we're behind an ELB with a dynamic hostname
-    headers.contentSecurityPolicy="default-src 'self'; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'"
+    headers.contentSecurityPolicy="default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'"
   }
 
   # Trust all proxies (the internet can't reach us directly so this is safe)