I use nonce generation via PHP, fastcgi:
fastcgi_param NONCE $nonce;
In the CSP I have added use (NGINX)
script-src 'strict-dynamic' 'nonce-${nonce}'
My issue is that I would like to add the nonce for every script automatically as as of now I have to add the nonce manually via PHP:
nonce="<?= $_SERVER['NONCE']?>"
In DevTools I see only:
nonce
Without:
nonce="number"
Is it correct?
The next issue is that I see in DevTools error which comes from using lottie player script and it says that I don't use nonce, or sha hash which I for sure do.
Aucun commentaire:
Enregistrer un commentaire