How to use Nonce attribute in inline JavaScript
Application Type
Traditional Web

Hi All,

I want to use the "Nonce" attribute in my inline script to avoid CSP misconfiguration, so I need to generate it in my script. Can anyone help me with this with some examples?


Thanks in Advance

Hi Balaji,

Why do you think you need to use this? It is suggested not to use it if not needed. Not using inline scripts is one of the biggest security wins CSP provides.

For using a nonce on an inline script, did you already look at the following documentation?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script

Regards,

Daniel
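Added example, not part of the thread and not OutSystems-specific: Node.js code that generates a fresh nonce per response, puts it in the `script-src` directive, and stamps it only on the inline script the server itself wrote. The template, placeholder names and function names are hypothetical, and `scriptsAllowed` is a simplified regex model of the browser's nonce check, not a real HTML parser.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed template: only the server-authored inline script has the placeholder.
const TEMPLATE = `<html><body>
<p>Hello {{NAME}}</p>
<script nonce="{{CSP_NONCE}}">console.log("trusted init");</script>
</body></html>`;

// A new unpredictable value for every HTTP response (128 bits, base64).
function newNonce() {
  return randomBytes(16).toString('base64');
}

// Header value for Content-Security-Policy; no 'unsafe-inline' is needed.
function cspHeader(nonce) {
  return `script-src 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// The nonce is substituted before user data, so user input can never pick up
// the placeholder. Never add the nonce to every <script> found in the output:
// that would also bless markup that arrived through user data.
function renderPage(name, nonce, { escape = true } = {}) {
  return TEMPLATE
    .replace('{{CSP_NONCE}}', () => nonce)
    .replace('{{NAME}}', () => (escape ? escapeHtml(name) : name));
}

// Simplified model of the browser's decision: return the inline script bodies
// whose nonce attribute equals the nonce announced in the header.
function scriptsAllowed(html, header) {
  const policy = /'nonce-([^']+)'/.exec(header);
  const allowed = [];
  for (const [, attrs, body] of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    const attr = /\bnonce="([^"]*)"/.exec(attrs);
    if (policy && attr && attr[1] === policy[1]) allowed.push(body);
  }
  return allowed;
}
```

Send `cspHeader(nonce)` as the `Content-Security-Policy` response header together with the HTML from `renderPage`, using the same nonce for both and a new one on the next request.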

Hi @Daniël Kuhlmann 

We found inline script in our application, so after the pen test they are saying it's a CSP misconfiguration, and they suggested using "Nonce" in inline scripts.

Thanks

Balaji

I think it is not the best suggestion. The best solution is to avoid inline script.