Hi All,
I want to use the "Nonce" attribute in my inline script to avoid CSP misconfiguration, so I need to generate it on my script. Can anyone help me on this with some examples?
Thanks in advance
Hi Balaji,
Why do you think you need to use this? It is suggested not to use it if not needed. Not using inline scripts is one of the biggest security wins CSP provides.
For using nonce on inline script, did you already look at the following documentation:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script
Regards,
Daniel
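
For the nonce approach covered by the linked documentation, an added example (not part of any post in this thread): a Node.js request handler that generates a fresh nonce for every response, sends it in the `Content-Security-Policy` header and puts the same value on the inline script tag. The function names, the page template and the extra `object-src`/`base-uri` directives are assumptions made for illustration.

```javascript
// Added example: per-response CSP nonce for an inline script (Node.js, built-in modules only).
const crypto = require('crypto');

// A fresh, unpredictable nonce for each HTTP response: 16 random bytes, base64-encoded.
// Never hard-code the value or reuse it across responses.
function generateNonce() {
  return crypto.randomBytes(16).toString('base64');
}

// Policy that allows only scripts carrying this response's nonce.
// There is no 'unsafe-inline', so an injected <script> without the nonce is blocked.
function buildCsp(nonce) {
  return `script-src 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
}

// Hypothetical page template; the inline script body is constructed sample content.
function renderPage(nonce) {
  return `<!doctype html>
<html>
  <head><title>Nonce demo</title></head>
  <body>
    <p id="out"></p>
    <script nonce="${nonce}">
      document.getElementById('out').textContent = 'inline script allowed by nonce';
    </script>
  </body>
</html>`;
}

// Request handler, usable as http.createServer(handler).
function handler(req, res) {
  const nonce = generateNonce();
  res.setHeader('Content-Security-Policy', buildCsp(nonce));
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  // Keep caches from replaying a page whose nonce has already been seen.
  res.setHeader('Cache-Control', 'no-store');
  res.end(renderPage(nonce));
}
```

The nonce has to be produced by the server code that renders the page; a value generated by the inline script itself cannot match the header the browser has already received.
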
Hi @Daniël Kuhlmann
We found inline script in our application, so after the pen test they are saying it's a CSP misconfiguration, and they suggested using "Nonce" in inline scripts.
Thanks
Balaji
I think it is not the best suggestion. The best solution is to avoid inline script.