Greptile Summary

Added https://fonts.googleapis.com to style-src and https://fonts.gstatic.com to font-src CSP directives to allow the Control UI to load Space Grotesk and JetBrains Mono fonts from Google Fonts CDN.

• Appropriately scoped CSP directives (stylesheet domain in style-src, font file domain in font-src)
• No overly permissive wildcards used
• Comprehensive test coverage with updated existing test and new dedicated Google Fonts test
• Well-documented with clear comments explaining the allowances

Confidence Score: 5/5

• This PR is safe to merge with minimal risk.
• Clean, focused change with proper CSP scoping, good test coverage, and standard industry practice for loading Google Fonts. No security concerns identified.
• No files require special attention.

_{Last reviewed commit: 608e980}

Thanks for the update on this.

I am closing this as superseded by #29279 to keep one active PR for this Google Fonts CSP regression.

If you see coverage missing in the new PR, call it out and I will reopen this thread.

Thanks for the earlier contribution.

I’m going to close this as a duplicate of #29279.
This earlier PR is preserved in the canonical history, and the same covered scope is now in the merged fix.

If this is a miss, tell me and I can reopen review right away.