gatsby-plugin-csp
Lots of inline style and script errors are being thrown
Hello, I'm noticing the plugin is only adding a small portion of the required inline scripts/styles which is throwing errors and breaking my site.
My plugin config looks like:

```js
{
  resolve: `gatsby-plugin-csp`,
  options: {
    disableOnDev: true,
    reportOnly: false,
    mergeScriptHashes: true,
    mergeStyleHashes: true,
    mergeDefaultDirectives: true,
    directives: {
      "script-src":
        "'self' connect.facebook.net cdn.paddle.com www.googletagmanager.com platform.twitter.com www.google-analytics.com",
      "style-src": "'self' cdn.paddle.com fonts.googleapis.com",
      "frame-src":
        "'self' platform.twitter.com staticxx.facebook.com www.facebook.com",
      "font-src": "'self' fonts.gstatic.com",
    },
  },
}
```
This generates a CSP like:

```html
<meta http-equiv="Content-Security-Policy" content="base-uri 'self'; default-src 'self'; script-src 'self' connect.facebook.net cdn.paddle.com www.googletagmanager.com platform.twitter.com www.google-analytics.com 'sha256-2I8frYfptF6frO2QLIwaKfnX3RYbfJ55/LQd5cBiOmg=' 'sha256-egpbluqkD8NT0bY3bWy7raM9tRIMkfUWboq0Y8KqsFk=' 'sha256-X0BXQu2gfi2ZRiq3dkicOdLVJ1mE9T/O7q5NN/iC6k8='; style-src 'self' cdn.paddle.com fonts.googleapis.com 'sha256-8uxjNeXp0ypX1vV3TIfEPA8PK2IsBew4lwb7k6E+v0Q='; object-src 'none'; form-action 'self'; font-src 'self' fonts.gstatic.com; connect-src 'self'; img-src 'self' data:; frame-src 'self' platform.twitter.com staticxx.facebook.com www.facebook.com;">
```
You can see there's only a small handful of whitelisted inline scripts in the generated policy and dozens of inline-script/styles errors are thrown on load.
We're using Gatsby v2.17.15 with gatsby-plugin-sass for styles. The problem remains even if I remove the directives node from this plugin.
Any help would be appreciated, thank you.