Closed peterhartman closed 8 months ago
Describe the bug: Not all scripts are using the CSP nonce
To Reproduce: In the browser pipeline set (as per Readme)
plug :put_secure_browser_headers, %{"content-security-policy" => "default-src 'nonce-ash_admin-Ed55GFnX' 'self'"}
Current behavior: Failure to load jsoneditor and easymde resources
jsoneditor
easymde
Expected behavior: No console warnings or network failures
Additional context: Ideally ash_admin would allow you to supply your own nonces in the same way as Phoenix.LiveDashboard, e.g.:
ash_admin "/admin", csp_nonce_assign_key: :csp_nonce_value
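The arrangement requested under "Additional context", as an added example that is not part of the original issue and not ash_admin's own code: a plug generates a fresh nonce per request, stores it under an assign key, and sends the matching policy. `MyAppWeb` and `MyAppWeb.Plugs.CSPNonce` are hypothetical names, and `csp_nonce_assign_key` on `ash_admin` is the option the issue proposes, assumed here to behave like the Phoenix.LiveDashboard one.

```elixir
# Added example: hypothetical MyAppWeb modules, not ash_admin's own code.
defmodule MyAppWeb.Plugs.CSPNonce do
  @moduledoc "Generates a fresh CSP nonce per request and publishes it in conn.assigns."
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: Keyword.get(opts, :assign_key, :csp_nonce_value)

  @impl true
  def call(conn, assign_key) do
    # 128 bits from the CSPRNG; URL-safe base64 is valid in a CSP nonce-source.
    nonce = 16 |> :crypto.strong_rand_bytes() |> Base.url_encode64(padding: false)

    conn
    |> assign(assign_key, nonce)
    # Same policy shape as the issue, with a per-request value in place of a fixed one.
    |> put_resp_header("content-security-policy", "default-src 'nonce-#{nonce}' 'self'")
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  import Phoenix.LiveDashboard.Router
  import AshAdmin.Router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    # Runs after put_secure_browser_headers so the policy set here is the one sent.
    plug MyAppWeb.Plugs.CSPNonce, assign_key: :csp_nonce_value
  end

  scope "/" do
    pipe_through :browser

    # Existing Phoenix.LiveDashboard option that reads the nonce from conn.assigns.
    live_dashboard "/dashboard", csp_nonce_assign_key: :csp_nonce_value
    # Assumption: the option requested in the issue, mirroring the line above.
    ash_admin "/admin", csp_nonce_assign_key: :csp_nonce_value
  end
end
```

Because the nonce changes on every response, a value copied out of one page cannot be reused to authorize an injected script on another.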