Commit
docs: example of generated nonce to use base64 encoding as per spec (#55039)

Nonces are limited to characters found in base64 encoding; UUIDs contain '-', which breaks the spec. Converting to a base64 string after generating simplifies this.

---

This was a bit of a gotcha in our project: there are a few tools that only expect there to be a single `-` and do a split based off it (so when there are >1 they fail).

## Rules for nonces

- The nonce must be unique for each HTTP response.
- The nonce should be generated using a cryptographically secure random generator.
- The nonce should have sufficient length; aim for at least 128 bits of entropy (32 hex characters, or about 24 base64 characters).
- Script tags that have a nonce attribute must not have any untrusted / unescaped variables within them.
- The characters that can be used in the nonce string are limited to the characters found in base64 encoding.
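The rules in the commit message above, as an added JavaScript example (not code from the commit or the project): it draws a 128-bit nonce from the Web Crypto generator, checks a nonce against the standard base64 alphabet, and shows why a raw UUID trips a tool that splits on `-`. All function names and the `naiveSplitNonce` tool model are hypothetical and constructed for illustration.

```javascript
// Added example; every name here is hypothetical, not from the commit.
// Web Crypto is a global in current Node and edge runtimes; fall back for older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Standard base64 alphabet plus up to two '=' padding characters.
const BASE64_RE = /^[A-Za-z0-9+\/]+={0,2}$/;

// 16 bytes from a CSPRNG = 128 bits, which encodes to 24 base64 characters.
function generateNonce(byteLength = 16) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(byteLength));
  return Buffer.from(bytes).toString('base64');
}

// The conversion the commit message describes: base64-encode the UUID text.
// A version 4 UUID carries 122 random bits, so generateNonce() is the
// variant that reaches the 128-bit target.
function nonceFromUuid(uuid = webcrypto.randomUUID()) {
  return Buffer.from(uuid).toString('base64');
}

// Alphabet check plus a decoded-length floor (a length check, not an entropy measurement).
function isValidNonce(nonce, minBits = 128) {
  if (typeof nonce !== 'string' || !BASE64_RE.test(nonce)) return false;
  return Buffer.from(nonce, 'base64').length * 8 >= minBits;
}

// Constructed model of a tool that splits 'nonce-<value>' on '-' and
// expects exactly two parts, the failure the commit message mentions.
function naiveSplitNonce(sourceExpression) {
  const parts = sourceExpression.replace(/'/g, '').split('-');
  return parts.length === 2 && parts[0] === 'nonce' ? parts[1] : null;
}

// Call once per HTTP response so each response gets a fresh nonce.
function buildScriptSrc(nonce = generateNonce()) {
  if (!isValidNonce(nonce)) throw new Error('nonce fails base64 or length check');
  return { nonce, header: `script-src 'self' 'nonce-${nonce}'` };
}
```

The same `nonce` value returned by `buildScriptSrc()` goes into the `nonce` attribute of each script tag in that response.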