CSP & Panel conflict

Hello there,
I recently stumbled across @steirico’s add-custom-fields plugin which I find very useful (in fact, adding / appending fields should be a core feature imho). But it seems to conflict with @bnomei’s security-headers plugin.

Now, my question is this: Has anyone encountered similar problems with plugins when CSP rules for the Panel are enabled? How’d you fix it?

There’s site()->nonce() to use in this case, but I cannot find a script element to apply it to (source of add-custom-field). The problem has to be something else … also see this issue discussing the problem.