A few weeks ago I wrote 3 Ways to Customize Fonts in Confluence and Which One Actually Works. The short version: native Confluence gives you a small set of system fonts, browser extensions don't work for your teammates, and a Marketplace app — full disclosure, the one I build — was the only way to get real Google Fonts inside Confluence Cloud without your pages reaching out to fonts.googleapis.com every time someone opens them.
Three things have changed since that post. Two of them matter for security teams. The third matters for anyone who looked at our font picker and thought "this could be better." (You're right. It's about to be.)
I'm Simon from NGPILOT, and here's what's new.
This is the one I'm proudest of.
Runs on Atlassian is the program Atlassian introduced for apps that run entirely inside Atlassian's infrastructure — no third-party SaaS dependencies, no data leaving Atlassian's perimeter, no surprise outbound calls when a page loads.
For a font app, this matters more than for most. Here's why:
| Concern | Typical Google Fonts embed | Runs on Atlassian |
|---|---|---|
| Where font requests go | fonts.gstatic.com (Google CDN) |
Atlassian's own CDN |
| Data residency | Depends on Google's POP location | Same region as the Confluence page |
| Compliance story | "We use Google Fonts, but trust us" | "Nothing leaves Atlassian" |
| Works behind strict corp firewalls | Often blocked | Yes |
| Network calls when a page renders | External | Internal only |
For admins in regulated industries — finance, healthcare, government, EU customers post-Schrems II — "no outbound calls" is the line that gets an app through procurement. We tick that box now.
When I wrote the original article, the catalog was at 1,785 font families. After syncing against the Google Fonts catalog, we're now at 1,942 families — each shipped with four variants: regular, bold (700), italic, and bold italic. All woff2, all subsetted to Latin + Latin Extended, all served from Atlassian's CDN.
A few of the 157 new additions worth calling out:
None of these require an outbound call. That's the whole point.
We are the #1 font app in marketplace!
Here's the honest part: the current config UI is a flat dropdown with 1,942 entries in alphabetical order. That worked at 200 fonts. It does not work at 1,942. Scrolling is not a design strategy.
We're rebuilding the picker in the style of fonts.google.com — searchable, with preview cards, category filters, and live type-at-real-size previews before you commit.
The 7-field contract that pages depend on stays frozen:
selectedFont, selectedVariant, previewText, selectedFontURL, textSize, textColor, textAlignSo every existing macro keeps rendering identically. Only the choosing changes. Targeting late Q3 — I'll post the before/after here when it ships.
fonts.gstatic.com; data stays in-region on Atlassian's CDNfonts.google.com-style picker in late Q3If you're evaluating font apps for a security review and the Runs on Atlassian angle matters to your team, I'd love to hear what your procurement team typically asks for. What's the checklist look like on your side?
— Simon from NGPILOT
Simon_NGPILOT_
0 comments