Accessing the nonce from JavaScript, makes all nonce based CSPs strict-dynamic (github.com) 1 points by bandamo 3y ago ↗ HN
[–] bandamo 3y ago ↗ Stumbled upon this and seems like a security issue. Why do browser not block the access to the nonce attribute?
1 comment
[ 3.7 ms ] story [ 14.6 ms ] thread