Open
Labels
- P3: minor bug (priority): An edge case that only affects very specific usage
- feat: csp: Related to Content Security Policy
Description
Astro Info
Astro v5.14.1
Vite v6.3.6
Node v22.18.0
System macOS (x64)
Package Manager npm
Output static
Adapter @astrojs/cloudflare (v12.6.9)
If this issue only occurs in one browser, which browser is a problem?
No response
Describe the Bug
Hi, I've started using the experimental CSP feature. I have the case where a CSS property is programmatically calculated and I need to include it as an inline script. This obviously doesn't apply with the default standard CSP policy from Astro. To get around this I am generating a hash based on the value output and adding that into the CSP along with 'unsafe-hashes':
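import crypto from "node:crypto";
// Hash the computed style value and add it to the page's CSP style hashes.
const sha256 = crypto.createHash("sha256").update(styleAttr).digest("base64");
Astro.csp.insertStyleHash(`sha256-${sha256}`);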
This works great locally and my CSP meta output is:
style-src 'self' 'unsafe-hashes' 'sha256-mPFTR9MOj1r1vAYnSHeKFl1b29KDJjEsYQg2FAYaFUM=' 'sha256-HKNCO30eLPwQQzw6V9VDqB7b/MgFy+8TDEbKWTrjrWk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';
However, it doesn't seem to be working on my staging environment (hosted on Cloudflare Pages) - the output only includes the Astro style hashes:
style-src 'self' 'sha256-mPFTR9MOj1r1vAYnSHeKFl1b29KDJjEsYQg2FAYaFUM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';
So it looks like the hash isn't being inserted using the insertStyleHash function.
What's the expected result?
Hash to be inserted in Cloudflare Pages environment.
Link to Minimal Reproducible Example
https://stackblitz.com/edit/github-jq586hqn
Participation
- I am willing to submit a pull request for this issue.
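A build-output check for the discrepancy reported above, as an added example that is not part of the original issue or of Astro's own code: it recomputes the hash of every `style` attribute in a built HTML page and reports those the meta CSP does not list, or lists without 'unsafe-hashes'. The names `cspHash`, `directiveSources`, `uncoveredStyleAttrs` and `samplePage` are hypothetical, the sample HTML is constructed, and attribute values are assumed to be double-quoted with no HTML entities.

```javascript
const { createHash } = require("node:crypto");

// CSP hash source for an inline style: base64 SHA-256 of the exact attribute value.
function cspHash(value) {
  return "sha256-" + createHash("sha256").update(value, "utf8").digest("base64");
}

// Source list of one directive, or null when the policy does not set it.
function directiveSources(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Style attributes in `html` that the page's meta CSP does not allow by hash.
// Assumes double-quoted attributes with no HTML entities in their values.
function uncoveredStyleAttrs(html) {
  const meta = html.match(/<meta[^>]*http-equiv="content-security-policy"[^>]*>/i);
  const content = meta && meta[0].match(/\scontent="([^"]*)"/i);
  if (!content) throw new Error("no CSP meta tag found");
  // style-src-attr governs style attributes; it falls back to style-src, then default-src.
  const sources = directiveSources(content[1], "style-src-attr")
    ?? directiveSources(content[1], "style-src")
    ?? directiveSources(content[1], "default-src") ?? [];
  const unsafeHashes = sources.includes("'unsafe-hashes'");
  const missing = [];
  for (const [, value] of html.matchAll(/\sstyle="([^"]*)"/gi)) {
    const hash = cspHash(value);
    const listed = sources.includes(`'${hash}'`);
    // A hash only applies to a style attribute when 'unsafe-hashes' is also present.
    if (!listed || !unsafeHashes) missing.push({ value, hash, listed, unsafeHashes });
  }
  return missing;
}

// Constructed sample page (not taken from the issue's reproduction).
function samplePage(styleSrc) {
  return `<html><head><meta http-equiv="content-security-policy" ` +
    `content="default-src 'self'; style-src ${styleSrc};"></head>` +
    `<body><div style="width: 42%"></div></body></html>`;
}
const good = samplePage(`'self' 'unsafe-hashes' '${cspHash("width: 42%")}'`);
const bad = samplePage("'self'");
console.log(uncoveredStyleAttrs(good)); // hash listed together with 'unsafe-hashes'
console.log(uncoveredStyleAttrs(bad));  // reports the attribute and the hash it needs
```

Running the same function over the HTML produced by the local build and by the deployed build shows which computed hashes are absent from the deployed policy.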