"Content Security Policies (CSP) are a powerful tool to mitigate against Cross Site Scripting (XSS) and related attacks, including card skimmers, session hijacking, clickjacking, and more."
First of all - CSP blocks google fonts and other very dangerous resources. In csp_whitelist.xml you may solve this problem