diff --git a/Classes/EventListener/MutateContentSecurityPolicy.php b/Classes/EventListener/MutateContentSecurityPolicy.php
index 076740b..ad6a86a 100644
--- a/Classes/EventListener/MutateContentSecurityPolicy.php
+++ b/Classes/EventListener/MutateContentSecurityPolicy.php
@@ -8,6 +8,7 @@
 use TYPO3\CMS\Core\Http\ServerRequest;
 use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Directive;
 use TYPO3\CMS\Core\Security\ContentSecurityPolicy\Event\PolicyMutatedEvent;
+use TYPO3\CMS\Core\Security\ContentSecurityPolicy\SourceKeyword;
 use TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;

 final class MutateContentSecurityPolicy
@@ -35,7 +36,7 @@ public function __invoke(PolicyMutatedEvent $event): void
 ...$uris,
 );
 $event->getCurrentPolicy()->extend(
- Directive::ScriptSrc,
+ Directive::ScriptSrcElem,
 ...$uris,
 );
 $event->getCurrentPolicy()->extend(
@@ -50,5 +51,15 @@ public function __invoke(PolicyMutatedEvent $event): void
 Directive::ImgSrc,
 ...$uris,
 );
+
+ // Ensure that nonces are allowed for script and style tags
+ $event->getCurrentPolicy()->extend(
+ Directive::ScriptSrcElem,
+ SourceKeyword::nonceProxy
+ );
+ $event->getCurrentPolicy()->extend(
+ Directive::StyleSrcElem,
+ SourceKeyword::nonceProxy
+ );
 }
 }
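Review bot: With `Directive::ScriptSrc` replaced by `Directive::ScriptSrcElem` in this call, the `$uris` are no longer listed in `script-src` at all. User agents that do not implement `script-src-elem` enforce `script-src` instead and would block scripts loaded from these hosts, while browsers that do implement it apply only the `script-src-elem` list to `<script>` elements, so it is worth confirming that `extend()` carries the existing `script-src` sources over. If the narrowing is intended, a comment above the call would record that, e.g. `// script-src-elem only: these hosts serve <script> elements, not inline handlers or workers`. `__invoke` begins and ends outside this hunk, so how `$uris` is built is not visible here.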
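Review bot: The nonce source is added to `script-src-elem` and `style-src-elem` unconditionally, and browsers ignore `'unsafe-inline'` in a directive once it contains a nonce. If the effective policy relied on `'unsafe-inline'` for inline `<style>` or `<script>` blocks, those stop working unless every such element carries the nonce; that is the stricter result, but the comment should say so, e.g. `// Nonce source: browsers then ignore 'unsafe-inline' here, so inline <script>/<style> must carry the nonce`. The two new calls also omit the trailing comma that the surrounding `extend()` calls use (`SourceKeyword::nonceProxy,`). The start of `__invoke` is outside the hunk, so any scope check (frontend vs. backend) guarding these calls cannot be confirmed from here.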