Accessing the nonce from JavaScript, makes all nonce based CSPs strict-dynamic

Summary It is recognized that a nonce based Content-Security-Policy (CSP) is stronger if it does not allow strict-dynamic, since scripts that are running cannot load other scripts arbitrarily. Howe… Read more

Similar