Content Security Policy (or [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)) is a way of avoiding certain types of website-related attacks like cross-site scripting and malicious data injections. It is a way by which website developers can tell the browser what content origins are approved so that everything else is blocked. One needs to add a `Content-Security-Policy` HTTP header mentioning the sources which they allow for loading scripts, styles, images, etc. To read in detail about CSP, check [Content Security Policy Level 3 working draft](https://www.w3.org/TR/CSP3/). We are going to discuss here why sha256 hashes often don't let inline styles to not pass in chromium browsers. Chromium browser console complains about the style-src hashes mismatch even though it shows them to be the same. Why? And how to solve it? **TL;DR: If using ` ``` and ```HTML
This is a text
``` In CSS, the second scenario is much more common when someone does inline styles than scenario 1. But again, in this case, adding a sha256 hash to `style-src` [won't execute the scenario 2 in chromium browsers](https://bugs.chromium.org/p/chromium/issues/detail?id=546106). This is because styles added in scenario 2 are part of the style attribute in the HTML tag which in CSP terms are essentially event handlers. According to [w3c CSP draft](https://www.w3.org/TR/CSP2/#directive-style-src), the hash in `style-src` allows the inline styles mentioned inside `