Rocket loader does not respect nonce value from header

Hi, cannot find any information on Rocket Loader usage configuration when using Content-Security-Policy header with nonce value.

I have been testing it on my website, and I can clearly see that Cloudflare injects rocket-loader script without nonce from my headers.

Is there anything I am missing?

I use ‘strict-dynamic’ as policy for source-src along with nonce.

I can see that cloudflare rocket loader removes nonces on my scripts and does not insert a nonce on itself