Closed r34son closed 4 months ago
The nonce isn't applied to Next.js internal scripts. It blocks scripts when you use `strict-dynamic` inside the `script-src` directive.
Found the line where Next injects the nonce under the hood: https://github.com/vercel/next.js/blob/0fe68736ceca1f69fa2f082bef094b716e8a15b1/packages/next/src/server/app-render/app-render.tsx#L830
Will try to investigate
You need to add the Content-Security-Policy to the request headers as well, inside middleware. Related: https://github.com/sst/open-next/issues/360
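An added example, not part of the thread and not Next.js source, of what the reply above asks for: the same nonce-bearing policy set on the forwarded request headers and on the response. It assumes the renderer takes the nonce from the request's `content-security-policy` header; `newNonce`, `buildCsp`, `nonceFromCsp` and `applyCsp` are hypothetical helper names, and `nonceFromCsp` is only a simplified model of that lookup.

```javascript
// Added illustration, not Next.js source. Uses only Web-standard globals
// (Headers, crypto, btoa), which the middleware runtime also provides.

// Fresh 128-bit nonce, generated once per request.
function newNonce() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return btoa(String.fromCharCode(...bytes));
}

// Policy shape from the issue: a nonce plus 'strict-dynamic' in script-src.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}' 'strict-dynamic'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join('; ');
}

// Simplified model (assumption) of a renderer reading the nonce out of a
// CSP header value. Returns undefined when no nonce source is present.
function nonceFromCsp(csp) {
  if (!csp) return undefined;
  const directive = csp
    .split(';')
    .map((d) => d.trim())
    .find((d) => d.startsWith('script-src'));
  const source = directive?.split(/\s+/).find((s) => /^'nonce-[^']+'$/.test(s));
  return source?.slice("'nonce-".length, -1);
}

// What the middleware has to produce: the policy on the request headers the
// renderer will see, and the same policy on the response the browser enforces.
function applyCsp(incomingHeaders, nonce = newNonce()) {
  const csp = buildCsp(nonce);
  const requestHeaders = new Headers(incomingHeaders);
  requestHeaders.set('content-security-policy', csp);
  const responseHeaders = new Headers({ 'content-security-policy': csp });
  // In a Next.js middleware these are wired up with
  // NextResponse.next({ request: { headers: requestHeaders } }), then the
  // response header is set on the returned response.
  return { requestHeaders, responseHeaders };
}
```

If only the response header is set, the browser enforces a nonce the renderer never saw, so with `strict-dynamic` the framework's own script tags go out without a matching nonce and are blocked.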