Using nonce values and the ContentSecurityPolicy
#1

Hello to everybody!

A nonce is created for each inline CSS and JavaScript for the debug bar when content security policy is enabled in the .env file via "app.CSPEnabled = true", but NOT for the kint inline script and inline styles. I can see the text "csp-style-nonce" in the view file for the welcome page. The welcome page uses scripts and styles that are non-nonce. These cause my browser to complain; however, the CSS and kint js do not. Why?

How are the nonce values communicated to the browser? There are several. For styles, more than one, and for scripts, more than one. Do I additionally need to provide a Content-Security-Policy header if I utilize the CI features "csp-style-nonce" and "csp-script-nonce"?

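An added example, not part of the original post and not CodeIgniter code: a browser learns the allowed nonces from the `Content-Security-Policy` response header and compares them with the `nonce` attribute on each inline `<script>` or `<style>` tag, and this sketch models that check so a response can be audited for inline tags that will be blocked. The header, nonce values, HTML and function names are constructed for illustration; hash matching and the `script-src-elem`/`style-src-elem` directives are not evaluated.

```javascript
// Added example: simplified model of the browser's inline-nonce check.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per CSP, a repeated directive is ignored; the first one wins.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Sources governing inline <script>/<style>: the specific directive, else default-src.
function sourcesFor(policy, directive) {
  return policy.get(directive) ?? policy.get('default-src') ?? null;
}

function inlineAllowed(sources, nonceAttr) {
  if (sources === null) return true; // no applicable directive: not restricted
  const nonces = sources.filter(s => /^'nonce-.+'$/.test(s)).map(s => s.slice(7, -1));
  const hasHash = sources.some(s => /^'sha(256|384|512)-/.test(s));
  if (nonceAttr && nonces.includes(nonceAttr)) return true;
  // 'unsafe-inline' is ignored as soon as a nonce or hash source is present.
  return sources.includes("'unsafe-inline'") && nonces.length === 0 && !hasHash;
}

function auditInline(header, html) {
  const policy = parseCsp(header);
  const findings = [];
  // Regex scanning is enough for this constructed sample, not for arbitrary HTML.
  for (const m of html.matchAll(/<(script|style)\b([^>]*)>/gi)) {
    const tag = m[1].toLowerCase(), attrs = m[2];
    if (tag === 'script' && /\bsrc\s*=/i.test(attrs)) continue; // external, not inline
    const nonce = (attrs.match(/\bnonce\s*=\s*"([^"]*)"/i) || [])[1] || null;
    findings.push({ tag, nonce, allowed: inlineAllowed(sourcesFor(policy, tag + '-src'), nonce) });
  }
  return findings;
}

// Constructed sample response: one header, several inline tags.
const header = "default-src 'self'; script-src 'self' 'nonce-abc123'; style-src 'self' 'nonce-def456'";
const html = `<style nonce="def456">body{margin:0}</style>
<style>h1{color:red}</style>
<script nonce="abc123">console.log(1)</script>
<script>console.log(2)</script>
<script src="/app.js"></script>`;
console.log(auditInline(header, html));
```

Inline tags reported with `allowed: false` are the ones a browser would refuse under that header; a source list may carry more than one nonce, and any of them satisfies the check.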