You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to use a secure nonce to allow some inline code through a CSP. However, this doesn't work when combined with fastcgi_cache as the nonce value used in the web page is cached, but the nonce value output in the header is created anew.
The result is that a nonce is generated and inserted into the CSP header and passed to PHP which inserts it into the HTML. But, as mentioned, when using fastcgi_cache, the header/nonce is not cached along with the page.
The text was updated successfully, but these errors were encountered:
I'm trying to use a secure nonce to allow some inline code through a CSP. However, this doesn't work when combined with fastcgi_cache as the nonce value used in the web page is cached, but the nonce value output in the header is created anew.
The server config looks something like this:
The result is that a nonce is generated and inserted into the CSP header and passed to PHP which inserts it into the HTML. But, as mentioned, when using fastcgi_cache, the header/nonce is not cached along with the page.
The text was updated successfully, but these errors were encountered: