After adding a strict Content Security Policy to your Single Page App, you may encounter the following error:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' XXX". Either the 'unsafe-inline' keyword, a hash ('sha256-X='), or a nonce ('nonce-...') is required to enable inline execution.
By default, Create React App injects an inline script into the HTML file it outputs. To force it to bundle this script as a separate JS file, you’ll need to prefix you build command with:
See more details here: https://create-react-app.dev/docs/advanced-configuration/