Scripting security how to configure

I have a nextcloud running inside my LAN.
It will never be publicly offered and is for my personal use only.

Within this environment I tried writing a little app, and receive this message:

Refused to execute inline event handler because it violates the following Content Security Policy directive: “script-src ‘nonce-bjlkQ3FueVRLRUsyNFJaZkRjaC9lVnd0S21lc25FODNEK25NeExwQWVtQT06cWJJVjdoWFZTUzc0MTNndVJMODNNMng1Y0RiNit4OXlkWVd1dHZWdkl3bz0=’ blob:”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-…’), or a nonce (‘nonce-…’) is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the ‘unsafe-hashes’ keyword is present.

Where can I disable the security check? Or where do I have to insert the nonce-String, after I found it where?

I am new to NextCloud, but have some experience in PHP and JavaScript.
Please point me to the right pages in the manuals, or give me some direction.