Content Security Policy error preventing script from running

[flyer1]

I wonder if automating downloads of fonts from fontastic is still possible (which would be wonderful)

The script appears to fail on the initial request at line 28.
If I isolate that line and run the following in the console (using fetch browser API):
fetch('https://file.myfontastic.com/(MY-API-KEY)/icons.css')

I get a content security policy error:
VM143:1 Refused to connect to 'https://file.myfontastic.com/(MY-API-KEY)/icons.css' because it violates the document's Content Security Policy.

My understanding of this is that the host (fontastic) is only allowing connections from a whitelist of servers that they control. Correct me if I'm wrong.