How to implement nonce in _headers file?
I am using pages with marko, how could I implement nonce from the _headers file?
11 Replies
If it's a dynamic nonce, you won't be able to and will have to set your headers via code using Functions
but using a static nonce is just like not using a nonce right?
yeah, pretty much
thanks
But what if my website is ssg?
your framework should offer some way to run server-side code and set headers I'd imagine
you would do this in vanilla Pages with Functions, but it might be a little different depending on your framework
yes, how could I implement hash?
you could create a random UUID with crypto.randomUUID, or some random bytes + md5/sha it - lots of ways to generate a random hash
I mean, this hash:
https://content-security-policy.com/hash/
CSP Hash Examples and Guide
Implementing a hash with Content Security Policy (CSP)
this is the hash of the script itself
do we have some software that could calculate the hash for all the scripts for me?
depends greatly on your framework and how you're building your site. It might expose some metadata about the build output
ok, thanks