Cloudflare Fonts appears to not honor CSP nonce header

I tried setting up Cloudflare Fonts and successfully got the CSS replacement to work, however, I’m seeing CSP errors in Chrome. My understanding was that so long as the response Content-Security-Policy header included a nonce Cloudflare would inject the value in generated code. It appears to not be happening in this case.

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https: 'nonce-101e710412de7dc8dcc3ea7decdd8551'". Either the 'unsafe-inline' keyword, a hash ('sha256-eXhf1q7CbOcajvq+FNHqf8+ztqK82RK7kEVJSsc9clg='), or a nonce ('nonce-...') is required to enable inline execution.