All, I have a simple “hello world” site to debug CSP. I have it working fine for everything but styles that are placed in a component scss file. What am I missing?

I am trying to use a nonce in my Content Security Policy in an Angular app.

I am in the early stages of setting up an Angular project. From previous experience with other projects, I’m implementing a content security policy early so we can find violations during development and handle them as they come up. Angular seems to like to inline a lot of things and makes it difficult to have a restricted content policy for styling and scripts. I’m not too worried about styling but I really don’t want to have ‘unsafe-inline’ for script-src.