Try splitting out the CSP into a separate tag and add a style-src reference, like this:

<meta http-equiv="content-type" content="text/html; charset=utf-8 ;">
<meta http-equiv="Content-Security-Policy" content="script-src 'self' http://onlineerp.solution.quebec 'unsafe-inline' 'unsafe-eval'; style-src 'self' maxcdn.bootstrapcdn.com"> 

This should say that you trust styles coming from maxcdn.bootstrapcdn.com.

Great explanation of Content Security Policy is at http://content-security-policy.com/