11-13-2019, 09:26 AM
Yes, you are correct. Chrome will ignore unsafe-inline is ignored if nonce exists. That was added as a workaround for a Firefox bug in my test and never removed.
You can remove the unsafe-inline from script and style sections and see how it goes. If something is failing you can remove the nonce and leave the unsafe-inline, until the original issue which cause it to fail (with nonce present) is fixed.... hopefully you can understand what I meant :-)
You can remove the unsafe-inline from script and style sections and see how it goes. If something is failing you can remove the nonce and leave the unsafe-inline, until the original issue which cause it to fail (with nonce present) is fixed.... hopefully you can understand what I meant :-)