It seems that csp allowed policies are getting tighter. It would be nice if mezzanine could mirror django/django#5567 (Removed all inline javascript from contrib.admin)