Content-Security-Policy blocks inline styles, even when they are whitelisted via hash
Reported by ianpoli...@gmail.com, Sep 7
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36

Steps to reproduce the problem:
1. Use a CSP that blocks inline styles
2. Use inline CSS within a page (in this case, initiated via JavaScript)
3. Whitelist the styles with SHA256 hash(es) in the style-src directive
4. Load the page

What is the expected behavior?
The browser executes and renders the inline CSS, with no CSP violations

What went wrong?
Chrome 69 is blocking the execution of inline CSS, even when the CSS is hashed and whitelisted in the CSP. The console log outputs the in-use CSP, as well as a hash value that would be required to allow execution. However, the suggested hash(es) already exist in the CSP.

Did this work before? N/A

Chrome version: 69.0.3497.81 Channel: stable
OS Version: 10.0
Flash Version:

Chrome 68 permitted these exact hashes, but Chrome 69 does not. Haven't included an attached file, since a full online test is required, I believe. I'm testing with reCAPTCHA v2 at https://venturedisplay.co.uk/recaptcha/
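A way to confirm outside the browser that a policy really lists the hash of a given inline style, as an added example that is not part of the original report or of Chromium's code. The function names, the sample style text and the sample policy are constructed for illustration; the check only looks at `style-src` (falling back to `default-src`) and does not model any browser's enforcement.

```javascript
const { createHash } = require('node:crypto');

// Build the CSP hash-source for the exact text of an inline <style> block.
// The digest covers every byte, so whitespace and newlines matter.
function cspHashSource(text, algo = 'sha256') {
  const digest = createHash(algo).update(text, 'utf8').digest('base64');
  return `'${algo}-${digest}'`;
}

// Split a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Report which directive governs inline styles and whether it lists a
// sha256/sha384/sha512 hash of this style text (exact string comparison).
function checkInlineStyle(policy, styleText) {
  const directives = parseCsp(policy);
  const governing = directives.has('style-src') ? 'style-src'
    : directives.has('default-src') ? 'default-src' : null;
  const expected = cspHashSource(styleText);
  if (governing === null) return { governing, hashListed: false, expected };
  const sources = directives.get(governing);
  const hashListed = ['sha256', 'sha384', 'sha512']
    .some((algo) => sources.includes(cspHashSource(styleText, algo)));
  return { governing, hashListed, expected };
}

// Constructed sample input (not taken from the reported site).
const sampleStyle = '.widget { display: none; }';
const samplePolicy =
  `default-src 'self'; style-src 'self' ${cspHashSource(sampleStyle)}`;

console.log(checkInlineStyle(samplePolicy, sampleStyle));
// Same rule with one trailing newline added: the listed hash no longer matches.
console.log(checkInlineStyle(samplePolicy, sampleStyle + '\n'));
```

Comparing the `expected` value with the hash printed in the console violation message shows whether the two were computed over the same bytes.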
,
Sep 21
Probably related to https://bugs.chromium.org/p/chromium/issues/detail?id=546106
Comment 1 by mpdenton@google.com, Sep 7
Components: Blink>SecurityFeature>ContentSecurityPolicy
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug-Regression
Owner: andypaicu@chromium.org
Status: Assigned (was: Unconfirmed)