Parse Dashboard 5.0.0 / Insecure ContentSecurityPolicy (CSP)

We added a ContentSecurityPolicy (CSP) to our NodeJs server as middleware to increase our security, but the Parse Dashboard appears to have inline script/styling which goes against CSP (see attached screenshot from a vendor).

This forces us to choose between accessing our dashboard without a secure policy in place and failing 3rd-party security checks, or securing our dashboard without being able to view it on the screen because it’s blocked by the browser content security policy.

Here are the options I see to resolve issue:

  1. Remove inline styling but I believe this requires editing Parse Dashboard (we were able to use a none to resolve script error)
  2. Copy each and every SHA256 hash that appears in the error from Parse Dashboard and insert the hash into our CSP/header, but there are 50+ I’m guessing and this is not scalable / manageable.
  3. Insert a custom nonce/hash near the Parse Dashboard’s markup style tags, but I don’t see how we can do that since I believe only Parse has control over that (maybe it’s possible?).

Anyone else experienced this / solved this?