Firefox 40 <script>console.log("hello");</script> script-src 'self' 'sha256-N4H5TqgSuzNDfekEngS8OvQaDnOXFksFc3nAjDsKxIk=' Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src https://p2pforum.localhost 'sha256-N4H5TqgSuzNDfekEngS8OvQaDnOXFksFc3nAjDsKxIk='").
Also, from the spec: "Note: If an element has an invalid hash, it would be helpful if the user agent reported the failure to the author by adding a warning message containing the actual hash value." This would be really useful to help understand why firefox is getting it wrong.
The incorrect report is also posted to the CSP's report-uri.
The same issue exists for styles sheets with hashes listed in the style-src.