Best practice regarding Security-Relevant HTTP Headers
#19
Hi Kudzu,
Thanks for the reply. We are using 15.2.36. I also don't see any fixes in the IW version history regarding nonce from version 36 up to 50. The comment below from Alexandre was dated 11/13/2019, which was before COVID, but there is still a problem when a nonce is added to the CSP header. We are getting the same error as magosk is getting in his previous post in this thread.

(11-13-2019, 09:26 AM) Alexandre Machado Wrote: Yes, you are correct. Chrome will ignore unsafe-inline if nonce exists. That was added as a workaround for a Firefox bug in my test and never removed.

You can remove the unsafe-inline from script and style sections and see how it goes. If something is failing you can remove the nonce and leave the unsafe-inline, until the original issue which causes it to fail (with nonce present) is fixed... hopefully you can understand what I meant :-)
Reply
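
The browser behaviour described in the quoted reply (a nonce in a source list makes the browser ignore 'unsafe-inline') can be checked against a policy before it is deployed. The following is an added example, not part of the original posts and not IntraWeb code; the function names and the sample header are constructed for illustration, and it only considers script-src and style-src with their default-src fallback.

```javascript
// Added example: report whether 'unsafe-inline' in a CSP directive has any effect.
// Under CSP Level 2 and later, a source list that contains a nonce-source or a
// hash-source causes the browser to ignore 'unsafe-inline' in that same list.
const NONCE_OR_HASH = /^'(?:nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/i;

// Split a Content-Security-Policy header value into directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Classify how inline <script>/<style> blocks are treated for one directive.
function inlineStatus(header, directive) {
  const parsed = parseCsp(header);
  // script-src and style-src fall back to default-src when they are absent.
  const sources = parsed.get(directive) ?? parsed.get('default-src');
  if (sources === undefined) return 'no-policy';
  const unsafeInline = sources.some(s => s.toLowerCase() === "'unsafe-inline'");
  const nonceOrHash = sources.some(s => NONCE_OR_HASH.test(s));
  if (nonceOrHash) {
    // Only inline blocks carrying the matching nonce (or hash) will run.
    return unsafeInline ? 'unsafe-inline-ignored' : 'nonce-or-hash-required';
  }
  return unsafeInline ? 'inline-allowed' : 'inline-blocked';
}

// Constructed sample header: nonce plus 'unsafe-inline' on scripts, no nonce on styles.
const SAMPLE_HEADER =
  "default-src 'self'; " +
  "script-src 'self' 'unsafe-inline' 'nonce-cjR0ZXN0bm9uY2U='; " +
  "style-src 'self' 'unsafe-inline'";

function auditSample() {
  return {
    script: inlineStatus(SAMPLE_HEADER, 'script-src'),
    style: inlineStatus(SAMPLE_HEADER, 'style-src'),
  };
}

console.log(auditSample());
```

A result of `unsafe-inline-ignored` means every inline block the application emits must carry the nonce, so any inline script or style generated without it is blocked even though 'unsafe-inline' appears in the header.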


Messages In This Thread
RE: Best practice regarding Security-Relevant HTTP Headers - by jimmy11 - 03-11-2022, 06:46 AM
