When enabling the ThreePerf monitor, it internally uses troika-three-text for rendering text labels. troika-three-text automatically loads fonts through @unicode-font-resolver/client, which by default fetches font data from the jsDelivr CDN (https://cdn.jsdelivr.net/gh/lojjic/unicode-font-resolver/...).
This causes external network requests to occur, even when the rest of the viewer and assets are fully local (for example, inside an Electron app, WebView, or offline environment).
Example log from DevTools:
GET https://cdn.jsdelivr.net/gh/lojjic/unicode-font-resolver@v1.0.1/packages/data/font-files/latin/sans-serif.normal.400.woff
In environments with a strict Content Security Policy (CSP) or no Internet access, this causes runtime CSP violations or failures to load the perf overlay.
Even worse the perf monitor fails to display anything other then the graphs with no internet connection.
Example Scenario (index.html):
<meta http-equiv="Content-Security-Policy" content="
default-src 'self';
script-src 'self' 'wasm-unsafe-eval' blob:;
style-src 'self' 'unsafe-inline';
img-src 'self' data: blob: http://localhost:* http://127.0.0.1:*;
font-src 'self' data:;
connect-src 'self' blob: data: ws: wss: http://localhost:* http://127.0.0.1:*;
worker-src 'self' blob: http://localhost:* http://127.0.0.1:*;
media-src 'self' blob: data:;
object-src 'none';
base-uri 'self';
">
Result:
Requested feature
Please add a configuration option (or default fallback) that allows three-perf users to define a local font path or disable Unicode font resolution entirely.
When enabling the ThreePerf monitor, it internally uses troika-three-text for rendering text labels. troika-three-text automatically loads fonts through @unicode-font-resolver/client, which by default fetches font data from the jsDelivr CDN (https://cdn.jsdelivr.net/gh/lojjic/unicode-font-resolver/...).
This causes external network requests to occur, even when the rest of the viewer and assets are fully local (for example, inside an Electron app, WebView, or offline environment).
Example log from DevTools:
GET https://cdn.jsdelivr.net/gh/lojjic/unicode-font-resolver@v1.0.1/packages/data/font-files/latin/sans-serif.normal.400.woffIn environments with a strict Content Security Policy (CSP) or no Internet access, this causes runtime CSP violations or failures to load the perf overlay.
Even worse the perf monitor fails to display anything other then the graphs with no internet connection.
Example Scenario (index.html):
Result:
Requested feature
Please add a configuration option (or default fallback) that allows three-perf users to define a local font path or disable Unicode font resolution entirely.