Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nonces in Origin-CSPs #101

Open
36dos opened this issue Aug 10, 2021 · 1 comment
Open

Nonces in Origin-CSPs #101

36dos opened this issue Aug 10, 2021 · 1 comment

Comments

@36dos
Copy link

36dos commented Aug 10, 2021

Are nonces going to be added to CSPs deployed in origin manifest ? If so, will there be a mechanism for the browser to refresh the nonces in the origin-CSP and the nonces in the script tags of webpages where the CSP is applied ? If not, is it better rather deploy an additional nonced-CSP to webpages (as a header), in addition to the origin-CSP without nonces added to the manifest ?
@Sora2455
Copy link

Considering that Origin Policies are meant to be cached and re-used across requests, and nonces become worse than useless if reused across requests, I don't see how you could use nonces in an origin policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sora2455 @36dos