Using ContentSecurityPolicy and nonce values
#1

Hi everyone!

When you turn content security policy on in .env via "app.CSPEnabled = true" a nonce is created for every inline CSS and JavaScript for the debug bar but NOT for the kint inline script and inline styles. I can see the {csp-style-nonce} text in the welcome page view file. The welcome page has styles and scripts with no nonce. My browser complains about these but doesn't complain about the kint js and CSS. Why?

How is the browser told what the nonce values should be? There are several. More than one for styles and more than one for scripts. If I use the CI feature {csp-style-nonce} and {csp-script-nonce} don't I also have to tell the browser about it in a Content-Security-Policy header? How do I do that for each nonce?
Codeigniter First, Codeigniter Then You!!
yekrinaDigitals
#2

Upgrade to v4.1.8.
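
On the header question raised in the first post, an added example (not part of the thread and not CodeIgniter's code): a browser accepts an inline `<script>` or `<style>` only when its `nonce` attribute equals one of the `'nonce-…'` values listed in the response's Content-Security-Policy header, and one directive may list several. The header and HTML are constructed samples, and `allowed_nonces`, `InlineAudit` and `audit` are hypothetical helper names.

```python
from html.parser import HTMLParser

# Constructed sample response (illustrative, not real framework output).
SAMPLE_HEADER = ("default-src 'self'; script-src 'self' 'nonce-s1AAA' 'nonce-s2BBB'; "
                 "style-src 'self' 'nonce-c1CCC'")
SAMPLE_HTML = """<html><head>
<style nonce="c1CCC">body{margin:0}</style>
<style>h1{color:red}</style>
<script nonce="s2BBB">console.log(1)</script>
<script nonce="{csp-script-nonce}">console.log(2)</script>
<script src="/app.js"></script>
</head></html>"""

def allowed_nonces(header):
    """Map each CSP directive name to the set of nonce values it lists."""
    out = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            out[parts[0].lower()] = {s[7:-1] for s in parts[1:]
                                     if s.startswith("'nonce-") and s.endswith("'")}
    return out

class InlineAudit(HTMLParser):
    """Collect inline <script>/<style> tags the policy would not accept."""
    def __init__(self, nonces):
        super().__init__()
        fallback = nonces.get("default-src", set())  # used when a directive is absent
        self.ok = {"script": nonces.get("script-src", fallback),
                   "style": nonces.get("style-src", fallback)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in self.ok or (tag == "script" and "src" in a):
            return  # external scripts are out of scope for this inline check
        line = self.getpos()[0]
        if a.get("nonce") is None:
            self.findings.append((line, tag, "missing nonce"))
        elif a["nonce"] not in self.ok[tag]:
            # also catches a placeholder that was never substituted
            self.findings.append((line, tag, "nonce not in header"))

def audit(header, html):
    parser = InlineAudit(allowed_nonces(header))
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADER, SAMPLE_HTML):
        print(finding)
```
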