diff --git a/privaterelay/settings.py b/privaterelay/settings.py
index c82af3f67c..f1066cbf2b 100644
--- a/privaterelay/settings.py
+++ b/privaterelay/settings.py
@@ -133,6 +133,7 @@
 # not set by us, so we use an explicit allowlist with the hashes of the
 # styles generated by Next.js.
 _next_css_path = Path(STATIC_ROOT) / "_next" / "static" / "css"
+ hashes = []
 for path in _next_css_path.glob("*.css"):
 content = open(path, "rb").read()
@@ -140,7 +141,17 @@
 # When CSP rules fail in Chrome, it provides the sha256 hash that would
 # have matched.
 the_hash = base64.b64encode(sha256(content).digest()).decode()
- csp_style_values.append("'sha256-%s'" % the_hash)
+ hashes.append("'sha256-%s'" % the_hash)
+
+ # The sourceMappingURL is slightly different when loaded dynamically
+ # in next 14.0.0. Capture hash for alternate.
+ if content.endswith(b"map*/"):
+ space_content = content[:-2] + b" " + content[-2:]
+ assert space_content.endswith(b"map */")
+ space_hash = base64.b64encode(sha256(space_content).digest()).decode()
+ hashes.append("'sha256-%s'" % space_hash)
+ hashes.sort()
+ csp_style_values.extend(hashes)
 CSP_STYLE_SRC = tuple(csp_style_values)
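Review bot: The `assert space_content.endswith(b"map */")` in the new `if content.endswith(b"map*/"):` branch can never fail, because the line above builds `space_content` by inserting a space before the last two bytes of content already known to end in `map*/`; it is also stripped under `python -O`, so it can simply be dropped. The guard matches only on the exact final bytes, so a stylesheet with a trailing newline after the comment gets no alternate hash, and if Next.js still injects the spaced form that style would be rejected by CSP with nothing at startup to indicate why. Since every entry widens `style-src` and this one exists only for a version-specific quirk, I would tie it to that version in the comment, e.g. `# TODO: drop the "map */" variant once Next.js no longer emits a different sourceMappingURL for dynamically loaded styles (seen in 14.0.0)`. The enclosing `for` loop and the block it sits in start outside the hunk.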