Microsoft Edge PDF viewer render inproperly when configured with strict Content Security Policy (CSP)

[kjteh]

Issue:
When Content Security Policy style-src 'self' 'nonce-xxx' is set in a document, when opening the pdf blob in Microsoft Edge PDF viewer (either through iframe / new tab), the pdf viewer does not fully occupy the entire space of the tab / iframe. The pdf viewer toolbar is missing as well.

Workaround:
No issue if we set the hashes into the CSP configuration, exmple:
style-src 'self' 'nonce-xxx' 'unsafe-hashes' 'sha256-4QAfheGyoLvz79NNXXIU6nvAzOsJ8D1A5QelwXZubZI=' 'sha256-e32iCFqTt1yfebUEPZNqd7UC/drEwHJXPK4z5diJJ5M='
but, ideally, we want to avoid this, since the inline styles are actually from browser

Only happen in Microsoft Edge, no issue in Firefox or Chrome now.
There is a similar issue in this link, and you can get the example html to simulate the issue: https://issues.chromium.org/issues/40712480