When I enable CSP I can login into the webpage but mail is not listed..
When viewing the inspect (chrome) I can see CSP is blocking because of insecure.
Refused to apply inline style because it violates the following Content Security Policy directive:
"style-src
https://fonts.googleapis.com https://*.webpage.nl".
Either the 'unsafe-inline' keyword, a hash ('sha256-YFOIjkCvZnAH6R5z1ZjUI/Zgf7uslK5vN80+lsdvYss='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
This is my CSP (added in .htaccess)
Header add Content-Security-Policy "default-src 'self' https://*.webpage.nl; base-uri 'self' https://*.webpage.nl; frame-src 'self' https://*.webpage.nl; frame-ancestors 'self' https://*.webpage.nl; form-action 'self' https://*.webpage.nl; script-src 'report-sample' 'self' ; style-src
https://fonts.googleapis.com https://*.webpage.nl; font-src 'self' data:
https://fonts.gstatic.com https://*.webpage.nl;"