Content Security Policy what is it even?

hey guys im trying to build a Web app that is supposed to be like a E-commerce site and for this i use React, and react-router-dom . So to the point. The app is self works if i go from starting point localhost:3000 (the STARTING POINT of the url that is )

and i click around to display the desired component and update the url aswell as the View and it works.

BUT HERE IS THE FUNNY PART when i try to refresh the page or type in the url manually it doesnt work and i get this message

Refused to execute inline script because it violates the following Content Security Policy directive: “default-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=’), or a nonce (‘nonce-…’) is required to enable inline execution. Note also that ‘script-src’ was not explicitly set, so ‘default-src’ is used as a fallback.

Google hasnt been much of help because i dont really understand this. Never even heard of code getting “blocked” by CSP but i feel like i know its supposed to go inside a meta tag but i cant figure it out. Can someone either explain it to me or just bump me into the right direction ?? ive been stuck at this for days ! also im loosing my mind on this!

Content Security Policy, or CSP, is meant to provide protection against rogue code being injected into your page for malicious purposes.

Are you by any chance pulling in some JavaScript - like, for example, jQuery - to the page using a <script> tag?