Skip to content

Self-host fonts to eliminate unconditional third-party IP transfers (GDPR)#4

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/sub-pr-3
Draft

Self-host fonts to eliminate unconditional third-party IP transfers (GDPR)#4
Copilot wants to merge 2 commits into
mainfrom
copilot/sub-pr-3

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 28, 2026
edited
Loading

Every page load was making requests to fonts.googleapis.com and fonts.gstatic.com, transmitting visitor IPs to Google regardless of consent state — a GDPR grey area flagged by German DPAs.

public/fonts/ (new — 7 woff2 files, ~176 KB)

  • Bebas Neue Regular — sourced from dharmatype/Bebas-Neue (OFL)
  • DM Mono Light, LightItalic, Regular, Medium — sourced from google/fonts (OFL), TTF→woff2 converted (~57% size reduction)
  • Instrument Serif Regular, Italic — same source/conversion

public/css/style.css

Seven @font-face rules added at the top of the file with font-display: swap:

@font-face {
  font-family: 'DM Mono';
  src: url('../fonts/DMMono-Regular.woff2') format('woff2');
  font-weight: 400;
  font-style: normal;
  font-display: swap;
}
/* …etc for each variant */

public/index.html + public/privacy.html

Removed all three Google Fonts <link> tags (preconnect ×2 + stylesheet).

public/privacy.html

Third-party services section updated: fonts are self-hosted, no CDN requests.

firebase.json

woff2 added to the 1-year immutable cache rule alongside js|css.

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

Copilot AI mentioned this pull request Mar 28, 2026
Merged
4 tasks
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Mar 28, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • fonts.googleapis.com
    • Triggering command: /usr/bin/curl curl -s -A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120 REDACTED,wght@0,300;0,400;0,500;1,300&amp;family=Instrument&#43;Serif:ital@0;1&amp;display=swap (dns block)
    • Triggering command: /usr/bin/curl curl -v -s -A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120 REDACTED (dns block)
  • gwfh.mranftl.com
    • Triggering command: /usr/bin/curl curl -s REDACTED (dns block)
  • https://api.github.com/repos/googlefonts/dm-mono/contents/fonts
    • Triggering command: /usr/bin/curl curl -s --max-time 15 REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Add GDPR-compliant cookie consent and Privacy Policy Self-host fonts to eliminate unconditional third-party IP transfers (GDPR) Mar 28, 2026
Copilot AI requested a review from paulpv March 28, 2026 22:30
Base automatically changed from copilot/add-professionalism-to-site to main March 29, 2026 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paulpv paulpv Awaiting requested review from paulpv

Assignees

@paulpv paulpv

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paulpv