javascript - because it violates the following Content Security Policy directive: "style-src 'self'" - Stack Overflow
Secure Coding Guidelines for Content Security Policy | GnuDeveloper.com
Content Security Policy: The Easy Way to Prevent Mixed Content | CSS-Tricks - CSS-Tricks
⚖ CSP: the 'nonce-value' allows external stylesheets from any sources and allows inline styles without 'unsafe-inline' in the style-src, but does not allow @import; 'nonce-value' is case-sensitive
Content Security Policy, Your Future Best Friend — Smashing Magazine
Content Security Bypass Techniques to perform XSS | Medium
How to implement an inline styles Content Security Policy with Angular and Nginx - DEV Community 👩💻👨💻
⚖ Content Security Policy: data:-URL in style-src for CSS styles is not considered as a built-in or external style