To reproduce: 1. Serve a plaintext document containing long lines with Content-Security-Policy header of "style-src 'none'" or stronger (like "default-src 'none'"). The lines should soft-wrap to match the browser width. But the lines do not wrap. In the JS console there is a warning that says: > Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. It looks like CSP is breaking the style attribute that WebKit puts on the <pre> element that wraps the plaintext contents. We were running into this when serving raw file contents from raw.github.com (I'm a GitHub engineer), so we added a "style-src 'unsafe-inline'" directive.