Consider adding nonce in Tanstack/start
Hello devs of TanStack.
I noticed that a nonce does not exist in <Scripts />.
This will allow the nonce CSP to deny unsafe scripts.
Adding it like this:
<Scripts nonce="nonce" />
5 Replies
genetic-orange•2mo ago
It's not documented yet, but you supply the CSP nonce via createRouter and ssr.nonce.
vicious-goldOP•2mo ago
Thank you.
fascinating-indigo•2mo ago
But then how can I add it to my CSP headers? The route headers function does not have access to the router instance, or am I missing something?
other-emerald•2mo ago
This might be helpful:
https://www.vseventer.com/blog/configuring-content-security-policy-csp-in-tanstack-start
This article describes how to set-up a Content Security Policy using TanStack Start RC release, providing step-by-step guidance with code samples.
fascinating-indigo•2mo ago
Thanks, that helps, I wonder if that's the intended way 😅