3

I've never seen a good answer to this dilemma, and I've been searching high and low. It seems it is a choice between using a nonce and caching, you can't have both. Really bad choice!

We're told 'unsafe-inline' is a really bad choice in CSP, and yet there seems to be no solution to the cache/nonce problem, that I've found.

Is there any solution on the horizon? Or one available now which is simply a well-kept secret?

1 Answer 1

0

This seems to be a good solution, we are using it successfully. It involves using the Nginx http_sub_module.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .