On pages like https://rest.wikimedia.org/en.wikipedia.org/v1/page/html/User%3AMarcoil%2FTests%2FCite/648024713, Chrome refuses to render inline styles and prints the following warning in the console:
"Refused to apply inline style because it violates the following Content Security Policy directive: "style-src *". Either the 'unsafe-inline' keyword, a hash ('sha256-Mvsp77heuEPm7zRATyUk_qLvOCN0lwgUfh8tzx_2ync='), or a nonce ('nonce-...') is required to enable inline execution."
As the error message says, [we are currently setting "style-src *"](https://github.com/wikimedia/restbase/blob/9ca81d831a34d6c7db0763269c1dfecc203e6f47/lib/server.js#L48). The error is triggered by a simple and harmless inline style.
It sounds like one option would be to include unsafe-inline, but we should check with @csteipp if that's okay.