I've never seen a good answer to this dilemma, and I've been searching high and low. It seems it is a choice between using a nonce and caching, you can't have both. Really bad choice!
We're told 'unsafe-inline' is a really bad choice in CSP, and yet there seems to be no solution to the cache/nonce problem, that I've found.
Is there any solution on the horizon? Or one available now which is simply a well-kept secret?
0 Answers