Refused to prefetch content from ‘https://static.observablehq.com/fonts/SourceSerifPro-Regular.ttf.woff2’ because it violates the following Content Security Policy directive: “default-src ‘self’ https://api.observablehq.com https://static.observableusercontent.com https://fil.static.observableusercontent.com”. Note that ‘prefetch-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
Thanks @Fil,
We had a prefetch-src fix waiting in the wings, which has now been deployed, and the error should be gone.
Note that Chrome still has prefetch-src disabled behind a flag as an experimental feature, so that warning will still appear in the console.