Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FEATURE: Support dynamic config.content_security_policy_nonce #609

Merged
merged 1 commit into from
Feb 14, 2024

Conversation

davidtaylorhq
Copy link
Contributor

CSP nonce values change on every request, so accepting a static string as an option doesn't really make sense. This commit allows config.content_security_policy_nonce to be set to a Proc which is run for each request, and can return a nonce based on the env and current response headers.

CSP nonce values change on every request, so accepting a static string as an option doesn't really make sense. This commit allows `config.content_security_policy_nonce` to be set to a Proc which is run for each request, and can return a nonce based on the `env` and current response headers.
@SamSaffron SamSaffron merged commit 9081657 into MiniProfiler:master Feb 14, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants