CSP - Content Security Policy [Refused style-src 'unsafe-inline'] in Production Env.

[startdz]

How can I use the lib of sheet and scroll area owned by shadcn/ui --- with another library from radix.
when I try to condition the middleware.ts
I tried to set up the CSP, as follows:

const isDev = process.env.NODE_ENV !== “production”;
const cspHeader = default-src 'self'; script-src 'self' ${ isDev ?'unsafe-eval' 'unsafe-inline' 'nonce-${nonce}':'nonce-${nonce}' 'strict-dynamic'} https://www.googletagmanager.com; style-src 'self' ${isDev ?'unsafe-inline':'nonce-${nonce}'`};

in the development/local process, everything went smoothly but there was a little warning Description [aria-describedby], but when I tried to build [npm run build ], when I console the build results and I try the component features of the scroll area and sheet, there is a CSP error as follows:

fd9d1056-c176ba62bfa905c4.js:1 Refused to apply inline style because it violates the following Content Security Policy directive: “style-src ‘self’ ‘nonce-’”.

How to maintain security strictly and as much as possible.

Thank you for your attention, I really appreciate the answer🙏

[QiaoLi1996]

Is this solved? I'm experiencing the same issue.