laravel-secureheaders

Singleton Nonce functionality

Open joshbrw opened this issue 7 years ago • 5 comments

Add functionality that allows for usage of a nonce for inline JS

joshbrw, Jan 10 '18 11:01

What is this for? Is there an article or white paper you could link to?

mxkxf, Jan 10 '18 14:01

See PR #24

joshbrw, Jan 10 '18 14:01

Yeah seen that 😉

I mean why does this need to be part of this package? Can you flesh out the issue a little more please, thanks.

mxkxf, Jan 10 '18 14:01

They're for using inline scripts with CSP, or more recently assigning trust to a script that can load other scripts (in combination with 'strict-dynamic').

https://scotthelme.co.uk/csp-cheat-sheet/#nonces

https://github.com/aidantwoods/SecureHeaders/wiki/cspNonce

aidantwoods, Jan 10 '18 14:01
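Why the nonce has to be a per-request singleton, as an added example that is not part of this thread or of laravel-secureheaders: the value sent in the CSP header and the value on every inline `<script>` must be the same string, so it is generated once and reused. The class `CspNonce` and its method names are hypothetical; in Laravel such an object would be bound once per request in the service container.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration; not the package's API.
final class CspNonce
{
    private ?string $value = null;

    // Generated lazily, exactly once; later calls return the same value.
    public function get(): string
    {
        if ($this->value === null) {
            // 128 bits from the CSPRNG, base64-encoded as CSP expects.
            $this->value = base64_encode(random_bytes(16));
        }
        return $this->value;
    }

    // Header line: only nonce-bearing scripts run; with 'strict-dynamic'
    // those scripts may load further scripts.
    public function headerLine(): string
    {
        return sprintf(
            "Content-Security-Policy: script-src 'nonce-%s' 'strict-dynamic'; object-src 'none'; base-uri 'none'",
            $this->get()
        );
    }

    // $js must be application-authored code, never request data:
    // the nonce marks whatever is inside the tag as trusted.
    public function scriptTag(string $js): string
    {
        $attr = htmlspecialchars($this->get(), ENT_QUOTES, 'UTF-8');
        return sprintf('<script nonce="%s">%s</script>', $attr, $js);
    }
}

// Returns true when the tag's nonce is the one the header allows.
function tagMatchesHeader(string $header, string $tag): bool
{
    preg_match("/'nonce-([^']+)'/", $header, $h);
    preg_match('/nonce="([^"]+)"/', $tag, $t);
    return isset($h[1], $t[1]) && hash_equals($h[1], html_entity_decode($t[1], ENT_QUOTES));
}

$shared = new CspNonce();                       // one instance for the whole request
$header = $shared->headerLine();
$good   = $shared->scriptTag('console.log("inline ok");');
$bad    = (new CspNonce())->scriptTag('console.log("blocked");'); // second instance: new nonce

echo $header, PHP_EOL;
var_dump(tagMatchesHeader($header, $good));     // shared instance
var_dump(tagMatchesHeader($header, $bad));      // separate instance
```

The tag rendered from a second instance carries a different nonce than the header, which is the failure a singleton binding prevents.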

Would love to see this feature too, possibly based on the work Aidan did in his package, which seems really well done.

IlCallo, Jan 18 '18 15:01