I’ve been using Phoenix 1.7 and try to put a value “nonce” in an script tag, but no matter what value you put the output in HEEx will be a simple presence of the attribute, and not the string value.
Example
<script nonce="desire_value"></script>
HEEx will generate just:
<script nonce> </script>
Like if “nonce” were a simple boolean attribute but it is not.
Any help ?
Thanks.
Even live_dashboard library is not working because the tag is rendered without “nonce” value.
live_dashboard("/dashboard", metrics: MyWeb.Telemetry, csp_nonce_assign_key: :csp_nonce_value)
Will render:
<script nonce>
"use strict";
(function() {
var PolyfillEvent = eventConstructor();
...
And will not work with csp policy.
Ok forget it is browser capability
Thanks for your answer, but actually it was my mistake. The nonce attribute were rendered correctly, but the web browser’s hides their values intentionally, with a simple curl or wget, the nonce is rendered and working ok!
© Copyright Elixir Forum | Terms | Privacy & Cookies
