fix: allow script injection from react dev tools in dev and stage envs (#6120)

server/env.ts

@@ -686,6 +686,14 @@ export class Environment {
   @CannotUseWithout("IFRAMELY_URL")
   public IFRAMELY_API_KEY = this.toOptionalString(process.env.IFRAMELY_API_KEY);
 
+  /**
+   * Enable unsafe-inline in script-src CSP directive
+   */
+  @IsBoolean()
+  public DEVELOPMENT_UNSAFE_INLINE_CSP = this.toBoolean(
+    process.env.DEVELOPMENT_UNSAFE_INLINE_CSP ?? "false"
+  );
+
   /**
    * The product name
    */