RT Lukas Weichselbaum
If you want to learn how to mitigate XSS with a strict CSP based on nonces or hashes, read:
The "strict" CSP approach:
✅ doesn't suffer from allow-list bypasses,
✅ doesn't need customisation and
✅ effectively reduces the attack surface of your app.
https://web.dev/strict-csp/