At the moment when I active nonce in the CSP manager, the nonce is added to the script-src. In our old setup we had the nonce in the default-src.
Is there a way to configure this in CSP manager?
You might be able to use the events:
Matthew-Wise/Umbraco-CSP-manager: Content security policy manager for Umbraco
I’ve tried this, but it seems that the nonce is not yet added when I hit my CspWritingNotification.When I check the var sources = notification.CspDefinition.Sources;, there is no source with the nonce.
Any ideas?
It will still be gettable from the CspService or directly from HttpContext.Items