th: CSP: allow unsafe-inline for CSS

config/initializers/content_security_policy.rb

@@ -36,7 +36,7 @@ Rails.application.config.content_security_policy do |p|
   p.frame_ancestors :none
   p.font_src        :self, assets_host
   p.img_src         :self, :data, :blob, *media_hosts
-  p.style_src       :self, assets_host
+  p.style_src       :self, :unsafe_inline, assets_host
   p.media_src       :self, :data, *media_hosts
   p.frame_src       :self, :https
   p.manifest_src    :self, assets_host