Nonce Tag Usage | Support Center

Contact a Moderator
Back to top

Question

MarvinW1

Member since 2021

Blue Cross Blue Shield Minnesota

Posted: Oct 4, 2022

Last activity: Oct 11, 2022

Posted: 4 Oct 2022 9:17 EDT
Last activity: 11 Oct 2022 10:08 EDT

Closed

Nonce Tag Usage

Report

When Implementing CSP Headers across the application, how is the Nonce Tag referenced and used?

To see attachments, please log in.

Lead System Architect

Like (0)
Share this page Facebook Twitter LinkedIn Email Copying... Copied!

Posted: 2 years ago

Posted: 4 Oct 2022 11:55 EDT

MarijeSchillern

MOD

replied to MarvinW1

Report

@MarvinW1 can you confirm that you are referring to this documentation What's new in security 8.7

nonce

To see attachments, please log in.

Like (0)

Posted: 2 years ago

Posted: 10 Oct 2022 15:53 EDT

MarvinW1

Blue Cross Blue Shield Minnesota

replied to MarijeSchillern

Report

@MarijeSchillern so when i try to implement the Nonce tag it is not found as an option of the CSP Rule. How do we turn it on?

Thanks,

Marvin

The version I am running is 8.7.3

To see attachments, please log in.

Like (0)

Posted: 2 years ago

Updated: 2 years ago

Posted: 11 Oct 2022 6:04 EDT
Updated: 11 Oct 2022 10:08 EDT

MarijeSchillern

MOD

replied to MarvinW1

Report

did you follow the steps as detailed in external documentation?

Example Nonce Usage

https://content-security-policy.com/nonce/

CSP: script-src

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce

Do you believe this to be a Pega issue?

Can you provide screenshots illustrating how you are configuring the nonce value and a time stamp to the Script-Src directive in the Content Security Policy?

To see attachments, please log in.

Like (0)