Initially you have a CSP published via HTTP header, this CSP has a characteristic script-src-elem 'none'
rule (underlined in BLUE in the print screen).
You added CSP via the meta tag, this CSP has a characteristic 'unsafe-dynamic'
token (underlined in GREEN in the print screen).
You can't relax first Content Security Policy by adding a second one.
Like as comment by sideshowbarker, just remove CSP in HTTP header. Check if you have netlify-plugin-csp-generator or netlify-plugin-csp-headers Netlify packages installed. Those can publish default CSP via HTTP header.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…