meteor content-security-policy react-helmet

React Helmet: Hash Not Accepted?


My JavaScript web app uses React Helmet. I'm seeing this in the console logs on the browser:

Either the 'unsafe-inline' keyword, a hash ('sha256-lF5Q6Eq8Av6zH8RSHuuey72cx1jMH2u3UMj8e7nNjto='), or a nonce ('nonce-...') is required to enable inline execution.

I added the hash to my Content Security Policy setup:

{
  "allowedOrigins_script_src": [
    "self",
    "https://mywebsite.com/graphql",
    "sha256-lF5Q6Eq8Av6zH8RSHuuey72cx1jMH2u3UMj8e7nNjto=",
  ],

...but it isn't being accepted as a hash:

The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'sha256-lF5Q6Eq8Av6zH8RSHuuey72cx1jMH2u3UMj8e7nNjto='. It will be ignored.

Note that it says "invalid source", not "invalid hash".

What am I missing?


Solution

{
  "allowedOrigins_script_src": [
    "self",
    "https://mywebsite.com/graphql",
    "'sha256-lF5Q6Eq8Av6zH8RSHuuey72cx1jMH2u3UMj8e7nNjto='"
  ]
}
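A hash or nonce source only counts as one when it is wrapped in single quotes in the header the browser receives; unquoted, the token is parsed as a host or scheme and rejected as an "invalid source". The following lint for that mistake is an added example, not part of the original answer; the function names and the header strings are constructed for illustration, using the hash from the question.

```javascript
// Added example: flag hash/nonce sources in script-src that a browser would ignore.
// Padded base64 length of each digest (32, 48 and 64 bytes respectively).
const DIGEST_B64_LEN = { sha256: 44, sha384: 64, sha512: 88 };
const HASH_RE = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/_-]+={0,2})$/;
const NONCE_RE = /^nonce-[A-Za-z0-9+\/_-]+={0,2}$/;

// Check one source expression exactly as it appears in the header value.
function checkSource(token) {
  const quoted = token.length > 2 && token.startsWith("'") && token.endsWith("'");
  const inner = quoted ? token.slice(1, -1) : token;
  const hash = HASH_RE.exec(inner);
  // Hosts, schemes and keywords are outside the scope of this check.
  if (!hash && !NONCE_RE.test(inner)) return null;
  if (hash && hash[2].length !== DIGEST_B64_LEN[hash[1]]) {
    return { token, problem: "unexpected digest length for " + hash[1] };
  }
  if (!quoted) {
    return { token, problem: "missing single quotes", fix: "'" + inner + "'" };
  }
  return null;
}

// Lint the script-src directive of a full Content-Security-Policy value.
function lintScriptSrc(policy) {
  const findings = [];
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "script-src") continue;
    for (const source of sources) {
      const finding = checkSource(source);
      if (finding) findings.push(finding);
    }
  }
  return findings;
}

// Constructed header values built around the hash from the question.
const HASH = "sha256-lF5Q6Eq8Av6zH8RSHuuey72cx1jMH2u3UMj8e7nNjto=";
const PREFIX = "default-src 'self'; script-src 'self' https://mywebsite.com/graphql ";
const broken = PREFIX + HASH;            // hash without quotes, as in the question
const fixed = PREFIX + "'" + HASH + "'"; // hash quoted, as in the solution

console.log(lintScriptSrc(broken)); // one finding: missing single quotes
console.log(lintScriptSrc(fixed));  // no findings
```

Run it against the header value the server actually emits (for example, copied from the browser's network tab), since a settings layer may transform the configured strings before they reach the header.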