Your script is adding its own inline styles and scripts to the DOM, which can fail to be executed if a struct CSP is defined for the page. Could publish the sha-256-... value for your scripts and styles so that we don't have to fall back to the 'allow everything' setting or find our own hacks to get that content into the page. You could also provide a mechanism by which we deliver the nonce value to your yet-to-be-added scripts, insecure as that may be.
You could also let us build your styles into our bundling pipelines.
Your script is adding its own inline styles and scripts to the DOM, which can fail to be executed if a struct CSP is defined for the page. Could publish the
sha-256-...
value for your scripts and styles so that we don't have to fall back to the 'allow everything' setting or find our own hacks to get that content into the page. You could also provide a mechanism by which we deliver the nonce value to your yet-to-be-added scripts, insecure as that may be.You could also let us build your styles into our bundling pipelines.