You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a site has strict CSP headers, Keystatic is unable to load remote resources (as expected, so not blaming Keystatic at all). Here’s my website’s CSP headers (applied in production, too)
I would like to limit this discussion to the issue of loading external fonts only. In this case, it looks like Keystatic depends on Inter. Would you guys be down to ship the font with Keystatic?
I go out of my way to avoid pinging any Google server(s) if I can. So, while I can permit a couple endpoints (like https://avatars.githubusercontent.com for loading my GitHub avatar), I am not too keen on permitting https://fonts.googleapis.com. Both for my own privacy, and for the sake of the users who visit my website*.
If you guys are willing to take this discussion further, I propose one of 2 suggestions:
Drop external fonts and use system fonts instead
Use something like Bunny Fonts or Fontsource as a(n almost) drop-in replacement for Google Fonts
There’s pros/cons to both approaches. First approach will no longer ensure Keystatic users have a similar experience (typography-wise) when using Keystatic across different browsers/OSes. The second approach will increase the bundle size.
But I still think both options are worth considering, here’s why:
System fonts have come a long way, and the system defaults look a lot better these days
Shipping all of Inter (even if you use the WOFF2 format) will still add ~4.8MB to the bundle size. But if you continuing using the 4 weights as you are now, then I think the increase is bundle size is negligible, compared to what you gain in terms of privacy. There’s also the added benefit of one less network request avoided just to download the font.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello!
If a site has strict CSP headers, Keystatic is unable to load remote resources (as expected, so not blaming Keystatic at all). Here’s my website’s CSP headers (applied in production, too)
I would like to limit this discussion to the issue of loading external fonts only. In this case, it looks like Keystatic depends on Inter. Would you guys be down to ship the font with Keystatic?
I go out of my way to avoid pinging any Google server(s) if I can. So, while I can permit a couple endpoints (like
https://avatars.githubusercontent.comfor loading my GitHub avatar), I am not too keen on permittinghttps://fonts.googleapis.com. Both for my own privacy, and for the sake of the users who visit my website*.If you guys are willing to take this discussion further, I propose one of 2 suggestions:
There’s pros/cons to both approaches. First approach will no longer ensure Keystatic users have a similar experience (typography-wise) when using Keystatic across different browsers/OSes. The second approach will increase the bundle size.
But I still think both options are worth considering, here’s why:
Screenshot of browser console error
Thanks for reading all of this!
When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?*
Beta Was this translation helpful? Give feedback.
All reactions