Using content security policy without style-src 'unsafe-inline' how do you allow styles like this?
<span style="font-size: 16px;">Hello</span>
I've tried adding a nonce to them and adding that nonce to the CSP header but that doesn't seem to work
<span style="font-size: 16px;" nonce="0611873de7e2db5985c289fdfa946caee2ae1860">Hello</span>
"style-src 'nonce-0611873de7e2db5985c289fdfa946caee2ae1860' 'self'"
Is there any way to do this without adding the 'unsafe-inline' directive??