Content Security Policy Settings

At best, I get something like this:

Refused to load the script ‘https://use.typekit.net/abcdefg.js’ because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ filesystem: https://use.typekit.net/*”. Note that ‘script-src-elem’ was not explicitly set, so ‘script-src’ is used as a fallback.

Ok so finally figured it out- your plugin instructions and or documentation could assist users who haven’t done these before.

It seems the syntax that must be entered, using the above examples, would be this:

use.typekit.net

Once I dropped the protocol (even though your example shows them) then it started to work!

So to do multiple would be like:

use.typekit.net use.fontawesome.com

^ No quotes, just spaces~

Hope that helps~

Nice to see you figure it out on your own.

Including a protocol will also worked. For example:

https://use.typekit.net
https://*.typekit.net
https:

Dropping the protocol means that the resource will be loaded using the current protocol.

For the right syntax read more at Mozilla developer network:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src