Struggling with CSP nonce

Hi! I'm struggling to implement a nonce based content security policy on my app. What is the recommended way of doing it in T3? The only solution so far that I could find in the next docs is to use the app router where the x-nonce header will be automatically read and attached to every script or style tag but it just doesn't do it on page router and the whole app bundle gets blocked.
Solution:
GitHub
GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security...
Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/ - GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security-Policy) for Next.js hybrid apps https:...
Jump to solution
2 Replies
Solution
Matvey
Matvey14mo ago
GitHub
GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security...
Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/ - GitHub - nibtime/next-safe-middleware: Strict CSP (Content-Security-Policy) for Next.js hybrid apps https:...
soulevans07
soulevans0714mo ago
Thanks! It looks good but I'm concerned about the github issues raised about compatibility with [email protected] and it is not being maintained so I need to do some testing
Want results from more Discord servers?
Add your server