nonce Questions

1

I need to add a nonce to the inline scripts created by webpack and I can't find any documentation on how to configure this. I've found this pr: https://github.com/webpack/webpack/pull/3210/files bu...
Tress asked 5/12, 2016 at 21:22

3

I have an MVC application developed in ASP.NET MVC 4. I am using javascripts in several pages. Some of the javascripts are referenced as @Scripts.Render("~/Scripts/bootstrap") @Scripts.Render("~/Sc...
Carberry asked 6/2, 2020 at 9:41

2

Solved

I have below code in my xyz.js file. init : function() { if (!this.iframe) { this.iframe = document.createElement("iframe"); this.iframe.src = "javascript:false;"; document....
Hereafter asked 3/5, 2023 at 12:1

4

I have an ASP.NET MVC web application MyWebApp which doesn't allow anonymous access to any page. There is an IdentityServer4 configured and once the user tries to open MyWebApp, he gets redirected...
Curtal asked 20/7, 2021 at 14:54

2

Solved

I am in the process of adding CSP headers to a site that has a long way to go before it can adopt a strict policy. There are quite a few inline scripts, so I am using nonce- to allow specific inlin...
Frontlet asked 31/5, 2019 at 18:4

5

Solved

I had at first misinterpreted the timestamp implementation of OAuth into thinking that it meant a timestamp that was not within 30 seconds past the current time would be denied, it turned out this ...
Hypnogenesis asked 28/7, 2011 at 21:8

4

Solved

I need to generate a nonce (number generated only once) to remove the CSP rule 'unsafe-inline' and all the trusted URLs for scripts, improving the CSP score. Thus I need to have in the HTML <sc...
Extender asked 27/4, 2018 at 20:10

2

I have an app running in azure using Azure active directory. Some of the users have just reported getting this error trying to access the app. I can access it ok, so can many other users, it's only ...
Slagle asked 8/9, 2017 at 14:16

2

Solved

I am trying to call a webservice from java. This is basically not that difficult, except that the webservice expects some security in the form of a username and password and a nonce. When I try to ...
Scurrile asked 13/2, 2015 at 13:54

1

Solved

I've been reading CSP stuffs recently, but I failed to find a clear explanation or solid example about how nonce gonna work. I tried to avoid using unsafe-inline for security concerns. So far, my u...

2

Has anyone successfully added a CSP to a Nuxt app? I tried Helmet but it doesn't seem to be compatible with a nuxt.config.js file. Also tried adding csp on the Render property in Nuxt, but ran into...
Fullmer asked 3/2, 2020 at 18:24

2

Solved

I want to add a nonce to a dynamically constructed script tag. The below does NOT add any nonce to the generated script tag. Anyone an idea how the nonce can be added? var _wss = document.createEle...
Mousetail asked 16/4, 2021 at 9:54

1

Solved

I'm using Golang's crypto package, crypto/aes specifically, with a 32 bytes key (so, AES-256) and the GCM method (Galois/Counter Mode). I read from a file multiple chunks of 16384 bytes and generat...
Yearling asked 9/4, 2021 at 21:54

4

Solved

I am trying to write a simple proof-of-work nonce-finder in python. def proof_of_work(b, nBytes): nonce = 0 # while the first nBytes of hash(b + nonce) are not 0 while sha256(b + uint2bytes(non...
Brewmaster asked 12/9, 2015 at 10:56

1

In the context of Content Security Policies there can be elements that are excluded from the policy, if they have the nonce attribute as specified in the respective policy. Obviously this works for...
Mackinnon asked 12/1, 2021 at 22:45

7

Solved

I am trying to use the UUID to generate as a nonce to be used for Twitter reverse authentication. But apparently the UUID is not a good choice. So how can I generate a unique random string every tim...
Gayle asked 18/7, 2014 at 18:31

2

Solved

I am new in cryptography. I need to encrypt a text using AES with some configuration Encryption mode: GCM Key size: 256 bits Nonce size: 96 bits MAC size: 128 bits As AES is a symmetric algo. s...
Jaunita asked 25/11, 2019 at 10:22

4

Solved

In an attempt to make the current application I'm developing more secure, I've been reading about CSRF tokens and also Nonce. My question simply is, Are CSRF tokens and Nonce the same thing? from w...
Kalle asked 17/4, 2011 at 4:33

1

Solved

I'm trying to add nonce values to my inline scripts to satisfy a stricter CSP. However, I am running into a weird issue where chrome is stripping the value from nonce attributes. When I curl the pa...
Mcadoo asked 14/4, 2019 at 0:20

5

Solved

I am running a website, and there is a scoring system that gives you points for the number of times you play a game. It uses hashing to prove the integrity of http request for scoring, so users can...
Sudoriferous asked 10/11, 2010 at 14:33

5

Solved

Can someone share the best practices for creating a nonce for an OAuth request in Python?
Elberfeld asked 8/4, 2011 at 3:41

1

Is there a secure way of whitelisting dynamically created scripts in a WebForms project using CSP (Content Security Policy)? Using unsafe-inline like below it works but not recommended. context.R...
Helles asked 8/1, 2019 at 15:59

8

I have an ASP.NET MVC 5 app that authenticates against Azure Active Directory. I wanted to enable SSL on it across the app. and hence leveraged global filters as follows: public class FilterConfig...

2

Solved

I am building a password change form using the WordPress REST API. The user enters a new password which is then submitted via AJAX to a custom endpoint which does this: $userID = get_current_user_...
Neurogram asked 31/7, 2017 at 12:49

2

In challenge-response mechanisms (and other systems), it is advised not to use a time-based nonce. Why should it be avoided?
Lucknow asked 7/3, 2017 at 8:23
