In regards to the fonts, my CSP is set as follows:
font-src 'self' https://fonts.gstatic.com/;
When I load the page I get the following error:
Refused to load the font 'data:application/font-woff;charset=utf-8;base64, [snip] because it violates the following Content Security Policy directive: "font-src 'self' https://fonts.gstatic.com/".
I checked the forums and found this page but it doesn’t provide any information beyond what I’m already doing so what am I missing?