On pages like https://rest.wikimedia.org/en.wikipedia.org/v1/page/html/User%3AMarcoil%2FTests%2FCite/648024713, Chrome refuses to render inline styles and prints the following warning in the console:
"Refused to apply inline style because it violates the following Content Security Policy directive: "style-src *". Either the 'unsafe-inline' keyword, a hash ('sha256-Mvsp77heuEPm7zRATyUk_qLvOCN0lwgUfh8tzx_2ync='), or a nonce ('nonce-...') is required to enable inline execution."
As the error message says, we are currently setting "style-src *". The error is triggered by a simple and harmless inline style.
It sounds like one option would be to include unsafe-inline, but we should check with @csteipp if that's okay.