Struggling with CSP nonce
Hi! I'm struggling to implement a nonce based content security policy on my app. What is the recommended way of doing it in T3?
The only solution so far that I could find in the next docs is to use the app router where the x-nonce header will be automatically read and attached to every script or style tag but it just doesn't do it on page router and the whole app bundle gets blocked.
The only solution so far that I could find in the next docs is to use the app router where the x-nonce header will be automatically read and attached to every script or style tag but it just doesn't do it on page router and the whole app bundle gets blocked.
Solution
GitHub
Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/ - GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security-Policy) for Next.js hybrid apps https:...
