Simple CSP policy, which allows to load scripts from origin and execute all inline scripts

default-src 'self'; script-src 'self' 'unsafe-inline'

Tip: Open DevTools on the Console tab

CSP hashed scripts page

Demo

inline script disabled
/root-script.js disabled
/folder/non-root-script.js disabled