Provide nonce integration with CSP module

Created on 24 September 2024, 3 months ago

Problem/Motivation

The Content-Security-Policy (CSP) module β†’ facilitates adding a nonce to inline scripts. Any policy that blocks inline scripts will render this module useless unless we use a nonce.

Steps to reproduce

Proposed resolution

  • Add option to wrap snippet in script tags automatically (using html_tag render element)
  • Add CSP nonce integration β†’ to snippets wrapped in script tags

Alternatively we would have to parse script tags from the snippet and add the nonce attribute there.

Remaining tasks

User interface changes

API changes

Data model changes

✨ Feature request
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡¦πŸ‡ΊAustralia mstrelan

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024