Refused to execute inline script because it violates the following Content Security Policy directive: "script-src ‘self’ https://www.google.comajax.cloudflare.com ‘nonce-q***==’ ‘nonce-e4’". Either the ‘unsafe-inline’ keyword, a hash ('sha256-N0=’), or a nonce (‘nonce-…’) is required to enable inline execution.
I get the above error. All the scripts in my own code indeed use a nonce and work fine with inline scripts. But since Rocket Loader gets inserted by Cloudflare, it’s not present in my own code and therefore I don’t think I can add a nonce to that script (or can I?).
I could off course disable Rocket Loader through the Cloudflare Dashboard, but is that indeed the envisioned behavior: not use Cloudflare’s rocket loader if you want to use SCP…?