r34son
commented
4 months ago You need to add the content-security-policy to the request headers as well inside middleware. Related https://github.com/sst/open-next/issues/360
Closed r34son closed 4 months ago
r34son
commented
4 months ago You need to add the content-security-policy to the request headers as well inside middleware. Related https://github.com/sst/open-next/issues/360
Nonce doesn't applied to nextjs internal scripts. It blocks scripts when you use
strict-dynamicinsidescript-srcdirective.Found line where next injects nonce under the hood https://github.com/vercel/next.js/blob/0fe68736ceca1f69fa2f082bef094b716e8a15b1/packages/next/src/server/app-render/app-render.tsx#L830
Will try to investigate