Do I need nonces if I want a strict/secure CSP for production?
Unanswered
Blue whiting posted this in #help-forum
Blue whitingOP
Simply put is the title. Do I NEED nonces for my simple nextjs app to work with a CSP that doesn't allow "unsafe" to be well secured? I am guessing so since its the first thing on the CSP page on NextJS docs, but I just want to get some verification. I'm just surprised it wouldn't allow itself to run + the docs kind of confused me and made me think it was only required for other scripts besides next.