CSP issues with validation using oidc-client.js
I am creating a SPA that uses oidc-client for login against an IdP created using Identity Server 4.
The login redirect seems to work fine, but in Firefox I get the following CSP issues:
Content Security Policy: Ignoring "'unsafe-inline'" within script-src or style-src: nonce-source or hash-source specified (unknown)
Content Security Policy: The page settings blocked the loading of a resource at self ("script-src 'unsafe-inline' 'sha256-VDXN0nOpFPQ102CIVz+eimHA5e+wTeoUUQj5ZYbtn8w='"). Source: !function(t){function __webpack_require_.... checksession:1
Content Security Policy: The page settings blocked the loading of a resource at self ("script-src 'unsafe-inline' 'sha256-VDXN0nOpFPQ102CIVz+eimHA5e+wTeoUUQj5ZYbtn8w='"). Source: window.devToolsOptions = Object.assign(w.... checksession:1
Load denied by X-Frame-Options: http://localhost:5007/home/error?errorId=a74accc61bb821ee1f42f7013a306e90 does not permit cross-origin framing. (unknown)
I am not setting CSP meta tags in my SPA and I am wondering if I need to do this. Digging around a bit, it seems that the oidc client is adding an iframe to my application that points to the checkout page in Identity Server (which includes the CSP header "default-src 'none'; script-src 'unsafe-inline' 'sha256-VDXN0nOpFPQ102CIVz+eimHA5e+wTeoUUQj5ZYbtn8w='").
Can anyone help me solve this or lead me in the right direction? My knowledge of CSP is very simple.