Closed
Description
| Q | A |
|---|---|
| Bug report? | no |
| Feature request? | yes |
| BC Break report? | no |
| RFC? | no |
Symfony version | 4.0 |
Currently, we have to declare `style-src 'self' 'unsafe-inline'` just because of Symfony's exception pages. Without that, it renders the page completely messed up. What's worse is that it's not made obvious this is due to CSP, because it seemingly outputs something (just the text of the Symfony exception), but nothing useful:
Only when you scroll down you will see some huge fonts.
This is because it uses some `<style>` and `<script>` tags without nonce codes, unlike the debug toolbar.
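
The blocking behaviour described in the report, as an added example that is not part of the original issue and is not Symfony's code: a Node.js checker that lists the inline `<style>`/`<script>` tags a given CSP header would block. The function names, the sample page and the nonce value are constructed for illustration.

```javascript
// Added example (not Symfony code): list the inline <style>/<script> tags that a
// Content-Security-Policy header blocks because they carry no matching nonce.

// Parse a CSP header value into { directive: [source, ...] }; first occurrence wins.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Decide whether one inline element is allowed by its effective directive.
function inlineAllowed(sources, nonce) {
  const nonces = sources.filter((s) => /^'nonce-.+'$/.test(s)).map((s) => s.slice(7, -1));
  const hasHash = sources.some((s) => /^'sha(256|384|512)-/.test(s));
  if (nonce && nonces.includes(nonce)) return true;
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
  return sources.includes("'unsafe-inline'") && nonces.length === 0 && !hasHash;
}

// Return the inline <style>/<script> elements in `html` that `cspHeader` blocks.
function findBlockedInline(cspHeader, html) {
  const policy = parseCsp(cspHeader);
  const blocked = [];
  for (const m of html.matchAll(/<(style|script)\b([^>]*)>/gi)) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    if (tag === 'script' && /\bsrc\s*=/i.test(attrs)) continue; // external, not inline
    const sources = policy[`${tag}-src`] ?? policy['default-src'];
    if (sources === undefined) continue; // no directive governs this element
    const nonce = (attrs.match(/\bnonce\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!inlineAllowed(sources, nonce)) blocked.push({ tag, offset: m.index });
  }
  return blocked;
}

// Constructed sample: nonce-less inline tags next to one nonced script.
const SAMPLE_NONCE = 'c2FtcGxlLW5vbmNl'; // constructed; real nonces are random per response
const STRICT_CSP = `default-src 'self'; style-src 'self' 'nonce-${SAMPLE_NONCE}'; script-src 'self' 'nonce-${SAMPLE_NONCE}'`;
const SAMPLE_PAGE = `<html><head><style>h1 { font-size: 3em }</style></head>
<body><h1>Exception</h1><script>var toggle = 1;</script>
<script nonce="${SAMPLE_NONCE}">var toolbar = 1;</script></body></html>`;

console.log(findBlockedInline(STRICT_CSP, SAMPLE_PAGE));
```

Run against a captured error page in a test suite, a non-empty result flags the tags that still need a nonce before `'unsafe-inline'` can be dropped.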