Remove the connections to fonts.googleapis.com

[ema7569]

The style.css seem to use google fonts and connect to the google site to download a font:

@import url('https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600&display=swap');

We know the browser send a referer to identify the sender url and Google is also know to trace all things.
For privacy reasons please replace the google font by a standard local font, like verdana or other instead of informing Google each time we launch the webui.

In my case my firewall block all non wanted request to google and same like facebook and all other gafam, consequently I can't see these fonts.

Thank.

[ackzsel]

I second this. Firstly I think Google shouldn't be informed about people using stable diffusion web-ui without their explicit consent. Secondly, for people explicitly blocking Google the font is broken.

[w-e-w]

#10324

[NeedsMoar]

Source Sans Pro along with the whole "Source" family of fonts I believe is under the SIL font license which is incredibly permissive and only states that the font, by itself, can't be sold, but that it can be sold as part of software or distributed freely however you want.

Unless the GPL3 has been updated to attempt to subsume more freely licensed included items with its distributions, and I kinda doubt it (this is a compiled resource anyway) then you can just include the thing locally like the Roboto font and avoid internet connections altogether. I imagine Automatic is used far more as a pure local machine / LAN program than a public web application so it would be useful for it to not require anything from the internet and whatever anything says about distribution doesn't matter...

For that matter I wouldn't put python's web server on the actual internet if I was getting paid by the minute to fix security flaws; Python's docs don't even recommend using it in production.

[pixelass]

you can download woff versions here: https://gwfh.mranftl.com/fonts

Then just reference the local file in the frontend/css.

[NeedsMoar]

That site I linked above can transform it into a webfont if necessary for embedding, btw.

Edit: pixelass found a direct link to one so that's even easier.

[catboxanon]

The call to Google fonts is made for the default Gradio theme. As mentioned in #10324, previously it was being made on the Python backend, which was even more intrusive, so this is ultimately the best compromise there is I think. There's no intention to block this ourselves as falling back to a default sans serif font is not ideal, and neither is putting a font library permanently into the repo. If you install the font locally your browser should also know to not reach out to Google. Otherwise -- you may do as OP describes and simply block the requests in your browser or via some other solution.