Minimal example to reproduce an issue, which is that there is a Content-Security-Policy violation on inline styles, even though there are no inline styles.

There is an Elm web app served up by a Go server.

• Install Go
• Install Elm 0.19
• Clone this repository and cd into it
• Install elm-ui with: elm install mdgriffith/elm-ui
• Build the Elm code with: elm make Main.elm --output=main.js
• Set the $GOPATH to the 'go' directory in this repository: export $GOPATH `pwd`/go
• Install the Go http library: go get net/http
• Build the Go server with: go install server
• Start the server with: go/bin/server
• Visit http://localhost:3333 in a web browser
• The server prints out this:

{"csp-report":{"blocked-uri":"inline","column-number":1,"document-uri":"http://localhost:3333/","line-number":1,"original-policy":"style-src 'self'; report-uri http://localhost:3333/cspreport","referrer":"","source-file":"http://localhost:3333/","violated-directive":"style-src"}}
{"csp-report":{"blocked-uri":"inline","column-number":1,"document-uri":"http://localhost:3333/","line-number":1,"original-policy":"style-src 'self'; report-uri http://localhost:3333/cspreport","referrer":"","source-file":"http://localhost:3333/","violated-directive":"style-src"}}