Pass in arbitrary script hashes?

[fymmot]

Hi!
I am using next-themes for darkmode functionality on my site, which is inserting a script block into the <body>.

This block isn't trustified by next-safe-middleware and causing a CSP error. I was wondering if it is possible to hash it manually and pass the hash to the CSP policy somehow?

I tried creating a script-src directive and adding the hash, but the policy appears to be overwritten when the site is deployed:

'script-src': [
        'self',
        'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=',
      ],

Is there a way to achieve this? (Apologies in advance if I have missed something obvious)