nonce - w3toppers.com

What’s the purpose of the HTML “nonce” attribute for script and style elements?

The nonce attribute lets you to “whitelist” certain inline script and style elements, while avoiding use of the CSP unsafe-inline directive (which would allow all inline script and style), so you still retain the key CSP feature of disallowing inline script/style in general. So the nonce attribute is way to tell browsers the inline contents … Read more

How to create and use nonces

It’s actually quite easy to do… There are some libraries out there to do it for you: PHP Nonce Library OpenID Nonce Library Or if you want to write your own, it’s pretty simple. Using the WikiPedia page as a jumping off point, In pseudo-code: On the server side, you need two client callable functions … Read more