diff --git a/src/lib/__tests__/validators.test.ts b/src/lib/__tests__/validators.test.ts
index e418068d..ef59665c 100644
--- a/src/lib/__tests__/validators.test.ts
+++ b/src/lib/__tests__/validators.test.ts
@@ -206,4 +206,14 @@ describe("isTrustedFontUrl", () => {
       isTrustedFontUrl("https://localhost:3000/fonts/NotoSans-Regular.ttf", "https://localhost:3000"),
     ).toBe(false);
   });
+  it("handles invalid APP_URL gracefully and falls back to allowlist", () => {
+    process.env.APP_URL = "invalid-url";
+    expect(
+      isTrustedFontUrl(
+        "https://github-user-summary.vercel.app/fonts/NotoSans-Regular.ttf",
+        "https://github-user-summary.vercel.app"
+      )
+    ).toBe(true);
+  });
+
 });
diff --git a/src/lib/validators.ts b/src/lib/validators.ts
index ac406b7d..bc479574 100644
--- a/src/lib/validators.ts
+++ b/src/lib/validators.ts
@@ -1,3 +1,4 @@
+import { logger } from "./logger";
 /**
  * Validates a GitHub username.
  * Rules:
@@ -64,8 +65,8 @@ function getTrustedFontOrigins(): Set {
       if (configuredOrigin.startsWith("https://")) {
         origins.add(configuredOrigin);
       }
-    } catch {
-      // Ignore invalid deployment configuration and fall back to the fixed allowlist.
+    } catch (err) {
+      logger.warn("Invalid APP_URL deployment configuration. Falling back to fixed allowlist.", err);
     }
   }
 
@@ -121,7 +122,8 @@ export function isTrustedFontUrl(url: string, allowedOrigin?: string): boolean {
     }
     return false;
-  } catch {
+  } catch (err) {
+    logger.warn("Invalid URL provided to isTrustedFontUrl.", err);
     return false;
   }
 }
 
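Review bot: The new test assigns `process.env.APP_URL = "invalid-url"` and never restores it, so the mutated value leaks into every test that runs after it in this file and can change what getTrustedFontOrigins() returns for them. Capture the previous value before the assignment and restore it in an `afterEach` (deleting the key when it was originally unset, since assigning `undefined` to `process.env` stores the string `"undefined"`), e.g. `const prev = process.env.APP_URL;` / `afterEach(() => { prev === undefined ? delete process.env.APP_URL : (process.env.APP_URL = prev); });`. The assertion also only checks `.toBe(true)`, which the vercel.app origin appears to satisfy on its own (it is passed as `allowedOrigin` and presumably sits in the fixed allowlist), so the test would pass even if the invalid-URL branch were never reached; spying on `logger.warn` and asserting it was called would actually pin the fallback path. Whether the env change is observed at call time depends on getTrustedFontOrigins() not being memoized at module load, which is outside this hunk.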
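Review bot: The new `logger.warn(..., err)` in the getTrustedFontOrigins catch fires on every invocation, not once, so if this helper runs per request (isTrustedFontUrl appears to depend on it) a single misconfigured APP_URL turns into a warning line on every font-URL check, which is noise at best and a log-volume problem at worst. Since the condition is static deployment configuration, log it once — either by memoizing the computed origin set (and the warning with it) or by guarding with a module-level `let warnedInvalidAppUrl = false;` flag flipped after the first warning. The enclosing function and the `try` that wraps this catch begin before the hunk, so the exact shape of that guard depends on the code above it.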
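Review bot: In the isTrustedFontUrl catch, `url` is caller-supplied input that this function exists to validate, and the new `logger.warn("Invalid URL provided to isTrustedFontUrl.", err)` now writes the thrown error — which for a `new URL()` failure in Node carries the rejected string on the error's `input` property — to the log at warn level for every malformed value. That makes a rejected request the cheapest way to flood warn-level logs with arbitrary attacker-chosen strings, and it is not a condition an operator needs to act on. Prefer `logger.debug` (or a counter/metric) here and log the validation outcome rather than the raw error, e.g. `logger.debug("Rejected untrusted font URL.");` — keep the `return false;`. Also worth confirming that `logger.warn` accepts an `unknown` second argument, since `err` is `unknown` under `useUnknownInCatchVariables`; the logger signature is not visible in this diff.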