I am testing CSPGenerator and pretty much all is good, with the exception of the following when processing a Lighthouse report:

- Host allowlists can frequently be bypassed. Consider using 'strict-dynamic' in combination with CSP nonces or hashes.
- No CSP configures a reporting destination. This makes it difficult to maintain the CSP over time and monitor for any breakages.

This is the code currently:
```php
require_once( 'assets/php/classes/csp/CSPGenerator.php' );
CSPGenerator::getInstance()->addScriptsrc( 'https://maps.googleapis.com' );
CSPGenerator::getInstance()->addStylesrc( 'https://cdn.jsdelivr.net' );
CSPGenerator::getInstance()->addStylesrc( 'https://fonts.googleapis.com' );
CSPGenerator::getInstance()->addFontsrc( 'https://fonts.gstatic.com' );
CSPGenerator::getInstance()->Parse();
```

I have looked through the class but cannot relate the Lighthouse result to the code. Could you be so kind as to provide a brief hint or tip?
Thank you in advance, very much appreciated.
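
For reference, the kind of policy the two Lighthouse findings quoted above ask for, as an added example that is not part of the original issue and does not use CSPGenerator's API: plain PHP that builds a nonce-based `script-src` with `'strict-dynamic'` and a reporting destination. The `https://example.com/csp-report` URL, the `csp-endpoint` group name, the `'self'` style source and the function name are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/**
 * Build nonce-based CSP response headers with a reporting destination.
 * $reportUrl and the "csp-endpoint" group name are assumptions for this example.
 */
function buildStrictCspHeaders(string $nonce, string $reportUrl): array
{
    if (!preg_match('#^[A-Za-z0-9+/_-]+={0,2}$#', $nonce)) {
        throw new InvalidArgumentException('nonce must be base64 text');
    }
    $directives = [
        // Browsers that support 'strict-dynamic' ignore https: and 'unsafe-inline'
        // here; those two remain only as a fallback for older browsers.
        'script-src' => "'nonce-$nonce' 'strict-dynamic' https: 'unsafe-inline'",
        // Style and font hosts from the calls in the issue; 'self' is assumed.
        'style-src'  => "'self' https://cdn.jsdelivr.net https://fonts.googleapis.com",
        'font-src'   => "https://fonts.gstatic.com",
        'object-src' => "'none'",
        'base-uri'   => "'none'",
        'report-uri' => $reportUrl,      // older directive, still widely supported
        'report-to'  => 'csp-endpoint',  // group defined by Reporting-Endpoints
    ];
    $policy = [];
    foreach ($directives as $name => $value) {
        $policy[] = "$name $value";
    }
    return [
        'Reporting-Endpoints: csp-endpoint="' . $reportUrl . '"',
        'Content-Security-Policy: ' . implode('; ', $policy),
    ];
}

// A fresh, unpredictable nonce for every response.
$nonce = base64_encode(random_bytes(16));
foreach (buildStrictCspHeaders($nonce, 'https://example.com/csp-report') as $line) {
    // Send as headers under a web server, print when run from the command line.
    if (PHP_SAPI === 'cli') {
        echo $line, PHP_EOL;
    } else {
        header($line);
    }
}

// Each script tag the page emits carries the nonce; scripts that a nonced
// script goes on to load are trusted through 'strict-dynamic'.
$src = 'https://maps.googleapis.com/maps/api/js';
echo '<script nonce="' . htmlspecialchars($nonce, ENT_QUOTES) . '" src="' . $src . '"></script>', PHP_EOL;
```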