This is an extension to https://github.com/electrode-io/electrode/pull/1958 and enforce CSP nonce for style tags
Ini addition, changes made to provide provision for users to selectively set/unset CSP for scripts and styles.
To set CSP header app has three options
App can pass a generated nonce value through cspNonce route option
Set cspNonce flag. This would be boolean. By default cspNonce flag is set false. Electrode will generate once and set CSP header.
Selectively set boolean flag for scripts and styles. Setting cspNonce: { style: true } will add nonce only for styles
Summary
This is an extension to https://github.com/electrode-io/electrode/pull/1958 and enforce CSP nonce for style tags Ini addition, changes made to provide provision for users to selectively set/unset CSP for scripts and styles.
To set CSP header app has three options
cspNonceroute optioncspNonceflag. This would be boolean. By defaultcspNonceflag is setfalse. Electrode will generate once and set CSP header.scriptsandstyles. SettingcspNonce: { style: true }will add nonce only for stylesAdditional changes /notes
Changelogs added