You can set a meta tag in the index.html to bypass the error. Something like this right?
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'">
For example for a cordova hybrid app that can be offline until send. Please correct me if I am wrong.