The following is the CSP policy that you would need to add in your headers or meta tag:
style-src : https://<domain>.chargebee.com/assets/hp_v3/iframe_views/
script-src : https://js.chargebee.com/v2/chargebee.js
frame-src : https://<domain>.chargebee.com/
Since we have enabled CSP in 'Report Only' mode, please report only the errors that are a part of our iframe.