Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'nonce-z0jfNWhEO10dWSsyOEbrbijdncNaQreglWzRrbsifjyIH/Rx' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
why ?
