Contrib.social

🇮🇳India @vishalnigam

Open on Drupal.org →
Account created on 10 February 2016, almost 9 years ago
#

Recent comments

✨ | Security Kit | Implement a "semi automatic" Nonce settings
Comment 17 days ago →
🇮🇳India vishalnigam

Hi @rajeshreeputra, and @timovos

I tried and tested the patch--20 for my application to introduce nonce-#hash value. I found something and thought i need to share:

  • The Nonce support is working fine after apply the patch, that gives the nonce support with hash value in inline script.
  • The CSP Header looks fine with the nonce hash value

Issues/observation:

  • After apply patch in the configuration, nonce support toggle button is not working as expected, this is gives always nonce support even with active or inactive.
  • In the CKEditor, if any script available the nonce support is not provided for ckeditor, and removing 'unsafe-inline', the script inside CKeditor not in usable state

Tried many way to resolve and support nonce with CKEditor script but still no hope, looking for the solution.

Thanks in advance.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024