CSP nonce values change on every request, so accepting a static string as an option doesn't really make sense. This commit allows config.content_security_policy_nonce to be set to a Proc which is run for each request, and can return a nonce based on the env and current response headers.
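An added example, not code from this commit or the project it belongs to: a Proc of the shape described above, assuming it is called with the Rack env and the response headers hash. It returns the nonce the application already placed in its Content-Security-Policy header, so the value tracks each response instead of being fixed. The names `nonce_from_csp`, `NONCE_PROC`, `sample_response_headers` and the env key `example.csp_nonce` are hypothetical.

```ruby
require "securerandom"

# Hypothetical helper: return the value of the first 'nonce-<value>' source in
# script-src (falling back to default-src) of a CSP header, or nil.
def nonce_from_csp(header_value)
  directives = {}
  header_value.to_s.split(";").each do |directive|
    name, *sources = directive.strip.split(/\s+/)
    next if name.nil?
    directives[name.downcase] ||= sources # first occurrence of a directive wins
  end
  sources = directives["script-src"] || directives["default-src"] || []
  sources.each do |src|
    m = src.match(/\A'nonce-([A-Za-z0-9+\/_-]+={0,2})'\z/)
    return m[1] if m
  end
  nil
end

# Assumed call shape: proc.call(env, response_headers), once per request.
NONCE_PROC = proc do |env, headers|
  _, csp = headers.find { |k, _| k.to_s.casecmp?("content-security-policy") }
  nonce_from_csp(csp) || env["example.csp_nonce"]
end

# Constructed sample: an app that mints a fresh nonce for each response.
def sample_response_headers
  nonce = SecureRandom.base64(16)
  { "content-security-policy" => "default-src 'self'; script-src 'self' 'nonce-#{nonce}'" }
end

if __FILE__ == $PROGRAM_NAME
  2.times { puts NONCE_PROC.call({}, sample_response_headers) }
end
```

Returning `nil` when no nonce is found leaves the decision to the caller rather than emitting a value the browser would not accept.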