Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Best practice regarding Security-Relevant HTTP Headers
#17
Hi Alexandre,

Do we have any update on issue when nonce was added on CSP? One of the reason why we upgraded from IW14 to IW15 was according to version history nonce is already supported but we are getting an error when we are adding nonce on CSP header.
See below error:
127.0.0.1/:102 [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-t4IHZcUfixmt8pOee1Yq3TpxhVIflw0gxX6Q/Xc9kIo='), or a nonce ('nonce-...') is required to enable inline execution.

Currently, we are using 'unsafe-inline' but this has been flagged by our security team.

Thanks
Reply


Messages In This Thread
RE: Best practice regarding Security-Relevant HTTP Headers - by jimmy11 - 03-10-2022, 07:04 AM

Forum Jump:


Users browsing this thread: 2 Guest(s)