Description
The newly added signature feature in the vanilla JS package includes an HTTP request to Google Fonts. This introduces an external dependency that may not be acceptable in all environments.
Problem
Hardcoding the Google Fonts URL raises two concerns:
- GDPR compliance – Requests to Google's servers may involve the transfer of user data (e.g. IP addresses) to third parties without explicit consent, which can be a violation in certain jurisdictions.
- Reliability – Making a critical feature dependent on an external API introduces a potential point of failure for applications that require high availability.
Impact
This would allow users to self-host the font, use an alternative, or opt out entirely — making the package usable in privacy-sensitive or network-restricted environments.
Description
The newly added signature feature in the vanilla JS package includes an HTTP request to Google Fonts. This introduces an external dependency that may not be acceptable in all environments.
Problem
Hardcoding the Google Fonts URL raises two concerns:
Impact
This would allow users to self-host the font, use an alternative, or opt out entirely — making the package usable in privacy-sensitive or network-restricted environments.