Closed vdeville closed 7 months ago
Example in html:
Incode:
<script type="text/javascript" nonce="{{ csp_nonce('script') }}" nonceTest="{{ csp_nonce('script') }}">
Do dump before this script in twig:
{{ dump(csp_nonce('script')) }}
<script type="text/javascript" nonce="{{ csp_nonce('script') }}" nonceTest="{{ csp_nonce('script') }}">
Result:
This is normal https://stackoverflow.com/a/55673767/6512
You can check the view-source of the page to verify nonces, do not use the web inspector.
Thanks for your reply, i don't really understand why in dev or prod env some scripts was not loaded or loaded, for example in dev mode googlemap put eval error in javascript, not in production (same config, same loaded url etc) Thanks
Hello,
Today i tested to add inline-nonce to all scripts. In Production mode no problem, but in dev mode if i not do
{% dump(csp_nonce('script')) %}
all the script have empty nonceDo you have any idea about this problem ?
Thanks