cannot disable noncing

  • Resolved fuzzy21

    (@fuzzy21)


    2 months, 1 week ago

    I’m trying to disable script-src nonce and use unsafe-inline, but I am still getting nonces in the header.

    Here’s what I did:

    I set External source csp mode: to none.

    I turned on Use ‘unsafe-hashes‘ for JS event handlers attributes of HTML elements. (Say NO).

    We have a lot of base rules we setup.

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.