11-11-2019, 01:57 PM
Hi again, any feedback on the above would be welcome. I need to finalize a release soon, and I am OK with implementing "partial" CSP support (without the dynamic nonce parts) as a first step. But I need to know if the parts without nonce still are meaningful? (Or at least enough to be able to "tick the CSP checkbox" for some of our customer's security requirements). Then as a second step I could dive into it a bit deeper and try to implement a more complete support (but then I need to know what I did wrong with the nonces in the header).
Best regards
Magnus Oskarsson
Best regards
Magnus Oskarsson