Questions tagged [nonce]
A nonce, short for “number used once”, is a random number used to sign a message in client-server communication. The HTML “nonce” attribute is used as part of the Content Security Policy feature in browsers.
370 questions
-1 votes, 0 answers, 19 views
How to decide which is the better option to implement, nonce or hash, for inline scripts (CSP)
What if, in a big application, we use something like the below in multiple areas
<button type="button" class="btn btn-primary" onclick="func1()">test</button>
<...
0 votes, 0 answers, 26 views
SVG Images not loading properly as strict CSP Policy blocking style execution of SVGs, using mat-icon in Angular 16
I am using Angular 16 with Angular Material. In the CSP Policy I have replaced unsafe-inline with 'nonce-myDynamicNonce'.
I am applying the CSP_NONCE provider value as per the Angular 16 built-in way.
Now everything ...
0 votes, 0 answers, 54 views
Update CSP_NONCE value dynamically on each api request using Angular 16
Hello Angular Community,
I am working on implementing strict CSP (Content Security Policy) remediation in my Angular 16 application. Our server sends a nonce value in the CSP response header with each ...
-1 votes, 0 answers, 35 views
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'
After implementing CSP_NONCE in Angular according to the documentation and removing unsafe inline and unsafe eval from the CSP header, I get an error.
I am using nginx as web server. The error is
Refused to ...
0 votes, 0 answers, 14 views
How will the signature be generated where payload and query parameters are present in the API
How will the signature be generated where payload and query parameters are present in the API?
Some APIs do not have nonce and signature validation because the API does not have query parameters and payload, we ...
0 votes, 0 answers, 74 views
How to automatically add the nonce attribute for inline scripts and styles?
I'm using Rails 6.1.7 and trying to configure CSP in my application. I already have the file content_security_policy.rb configured:
Rails.application.config.content_security_policy do |policy|
...
0 votes, 0 answers, 14 views
SAML authentication handler contains unsafe inline script - Unable to redirect to Okta login page
We are using a nonce worker to avoid loading inline scripts, but the SAML authentication handler contains a form that redirects to the Okta login page.
This form includes an unsafe inline script, which ...
0 votes, 0 answers, 43 views
Why is the ssl_session_id being regenerated for some requests and reused for others in nginx?
I have containerized and deployed my Angular app to nginx. I want to send a Content-Security-Policy header with a nonce. I am using $ssl_session_id for the nonce from nginx.
I am able to pass the ...
-1 votes, 1 answer, 43 views
CSP inline issue nonce
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' 'nonce-Vs0RA4diyTa6WTnfA4Cy3Q=='". Either the 'unsafe-inline' keyword, a ...
1 vote, 0 answers, 15 views
Debug nonce issue with WordPress
I am not able to find out the issue with authentication with a nonce during connection to an endpoint.
Here are the files:
Shortcode that sends a request to the endpoint:
<?php
/*
Plugin Name: Test ...
0 votes, 1 answer, 44 views
How to Securely and Efficiently Store a nonce Value in a Next.js Application?
I am developing a Next.js application that requires interacting with an external API. Each request to this API must include a unique nonce value that is provided by the API with each response. I need ...
0 votes, 2 answers, 54 views
IIS: Is it possible to modify a file content for each request received using IIS tools (i.e. URL Rewrite module)?
I have an Angular app + .NET 8 API together hosted in an IIS site.
I'm trying to implement the Content Security Policy using 'nonce' (number used only once). This means that for each response sent to a ...
0 votes, 0 answers, 23 views
Nonce not getting reset when transactions are dropped
I am using the transaction manager from the Nethereum package to send transactions automatically. However, I am encountering an issue where multiple transactions are getting stuck, specifically up to ...
1 vote, 1 answer, 184 views
Failed to set nonce from CSP to inline style used by MUI in NextJS 14 project
My NextJS app is scanned by the client’s pen test software, which points out that “unsafe-inline” should not be used. However, I can’t get the nonce working and am getting the following errors when MUI components are used ...
0 votes, 0 answers, 163 views
MISSING_OR_INVALID_NONCE : The nonce in ID Token does not match the SHA256 hash of the raw nonce in the request
I am trying to authenticate into Firebase using Keycloak as OIDC. I am using the authorization code flow of the Firebase configuration.
Below is the code that I have written for the same
const access: any ...