Relax style-src-elem to allow inline

app/Http/Middleware/ContentSecurityPolicy.php

@@ -118,7 +118,11 @@ class ContentSecurityPolicy
         $styleSources[] = 'data:';
         $connectSources[] = 'https:';
         $fontSources[] = 'https:';
-        $styleElemSources = array_unique(array_merge($styleSources, ["'unsafe-inline'"]));
+        $styleElemSources = array_values(array_filter(
+            $styleSources,
+            static fn (string $source): bool => ! str_starts_with($source, "'nonce-")
+        ));
+        $styleElemSources = array_unique(array_merge($styleElemSources, ["'unsafe-inline'"]));
 
         $directives = [
             'default-src' => ["'self'"],