What is the solution to caching vs using a CSP nonce? I've been searching for a while, and haven't found it

Question

I've never seen a good answer to this dilemma, and I've been searching high and low. It seems it is a choice between using a nonce and caching, you can't have both. Really bad choice!

We're told 'unsafe-inline' is a really bad choice in CSP, and yet there seems to be no solution to the cache/nonce problem, that I've found.

Is there any solution on the horizon? Or one available now which is simply a well-kept secret?

jamminjames · Accepted Answer · 2023-11-30 01:35:16Z

0

This seems to be a good solution, we are using it successfully. It involves using the Nginx http_sub_module.

answered Nov 30, 2023 at 1:35

jamminjames

1111 silver badge11 bronze badges

Add a comment |

Stack Exchange Network

What is the solution to caching vs using a CSP nonce? I've been searching for a while, and haven't found it

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
cache
javascript
content-security-policy
http-caching
.

Hot Network Questions

What is the solution to caching vs using a CSP nonce? I've been searching for a while, and haven't found it

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged cachejavascriptcontent-security-policyhttp-caching.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
cache
javascript
content-security-policy
http-caching
.