Skip to content

FEATURE: Support dynamic config.content_security_policy_nonce#609

Merged
SamSaffron merged 1 commit intoMiniProfiler:masterfrom
davidtaylorhq:dynamic-nonce
Feb 14, 2024
Merged

FEATURE: Support dynamic config.content_security_policy_nonce#609
SamSaffron merged 1 commit intoMiniProfiler:masterfrom
davidtaylorhq:dynamic-nonce

Conversation

@davidtaylorhq
Copy link
Contributor

CSP nonce values change on every request, so accepting a static string as an option doesn't really make sense. This commit allows config.content_security_policy_nonce to be set to a Proc which is run for each request, and can return a nonce based on the env and current response headers.

CSP nonce values change on every request, so accepting a static string as an option doesn't really make sense. This commit allows `config.content_security_policy_nonce` to be set to a Proc which is run for each request, and can return a nonce based on the `env` and current response headers.
@SamSaffron SamSaffron merged commit 9081657 into MiniProfiler:master Feb 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants