This is not a bug. For security reasons, themes(css) cannot load remote resources https://docs.obsidian.md/Themes/App+themes/Embed+fonts+and+images+in+your+theme. This is enforced in 1.5.x with that CSP header and we are not going to remote it.
Moved to developers and api.