Skip to content
This repository has been archived by the owner on Jan 2, 2023. It is now read-only.

Latest commit

 

History

History
20 lines (13 loc) · 676 Bytes

nonce-contained-invalid-characters.md

File metadata and controls

20 lines (13 loc) · 676 Bytes

nonce contained invalid characters

Why This Error Occurred

This happens when there is a request that contains a Content-Security-Policy header that contains a script-src directive with a nonce value that contains invalid characters (any one of <>& characters). For example:

  • 'nonce-<script />': not allowed
  • 'nonce-/>script<>': not allowed
  • 'nonce-PHNjcmlwdCAvPg==': allowed
  • 'nonce-Lz5zY3JpcHQ8Pg==': allowed

Possible Ways to Fix It

Replace the nonce value with a base64 encoded value.

Useful Links