User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Steps to reproduce:
I log into our web application. I'd prefer not to publish access to it on this tracker, but I'd be happy to arrange it for individuals.
When I visit our web application, Firefox reports a CSP violation:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“style-src”).
It reports this on line 1 of the document.
I don't see any cause for the report and Firefox is the only browser reporting it.
Line 1 of the document contains only 1 style node and that node is decorated with a nonce. The same nonce is used on other nodes, so I have no concern that it might not be correct.