The following error gets logged to console when Code editor is enabled, e.g. on a user .js page:
[Report Only] Refused to create a worker from 'blob:https://en.wikipedia.org/54cbff0d-76ed-46ab-85c9-b2afa7cf84e3' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' meta.wikimedia.org *.wikimedia.org *.wikipedia.org *.wikinews.org *.wiktionary.org *.wikibooks.org *.wikiversity.org *.wikisource.org wikisource.org *.wikiquote.org *.wikidata.org *.wikivoyage.org *.mediawiki.org 'unsafe-inline'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
Since CSP is in Report Only mode, Code editor is still working.