CSP nonces with Cloudflare Workers

Thank you for your answer, you are absolutely right.

I also corrected my mistake. I’ll post the code if it helps.

Code for Cloudflare Workers: https://gist.github.com/richie5um/b2999177b27095af13ec619e44742116

Code for WordPress :

add_filter( 'script_loader_tag', 'add_nonce_to_script', 10, 3 );
function add_nonce_to_script( $tag, $handle, $source ) {
$search = "type="text/javascript"";
$replace = "type="text/javascript" nonce=""";
$subject = $tag;

$output = str_replace($search, $replace, $subject);
return $output;
}

Related Posts:

  1. How does nonce verification work?
  2. How to expire a nonce?
  3. Fatal error: Call to undefined function wp_create_nonce()
  4. How to add/retrieve the post trash link?
  5. Using nonce external of WP Admin
  6. Nonce best practices: hidden input vs. wp_localize_script?
  7. “The link you followed has expired” when previewing a post
  8. wp_verify_nonce keeps failing
  9. Handling nonce generation in AJAX registration process
  10. increase nonce lifespan
  11. wp_verify_nonce() via REST always returns false
  12. Nonce failing in IE
  13. my theme breaks WP export
  14. Why am I getting a 403 from check_admin_referer()?
  15. x-wp-nonce across domains
  16. wp_create_nonce doesn’t verify when using WP_List_Table
  17. Handling expired nonces
  18. What is really “wp_nonce_field” and how does it work? [duplicate]
  19. Cannot verify nonce
  20. wp_verify_nonce return false despite correct parameter passed
  21. WordPress JSON API nonces and Vue development server
  22. Verify a nonce in Form submission
  23. phpcs error in WordPress
  24. Stop WordPress nonces expiring
  25. Several nonces?
  26. Nonce for Trashing Item
  27. Nonce keeps failing
  28. Public posts – preventing duplicate form submissions
  29. How to obtain “wp_rest” nonce for WP Statistics plugin manually?
  30. WordPress “nonce” message
  31. Why are nonces working in Firefox but not in Chrome?
  32. wp_verfy_nonce keeps giving false
  33. Nonce – reissue with ajax poll
  34. wp_nonce_url generating invalid links
  35. How to insert wp_nonce field within echoed string
  36. Nonce check causing issues when creating new post
  37. Weird nonce validation problem
  38. Logout button in menu without “wp” in links
  39. What is a Ray ID (Cloudflare)?
  40. wp_verify_nonce vs check_admin_referer
  41. How do I create a user using the new JSON api in 4.7?
  42. Is wp_nonce_field vulnerable if you know the action name?
  43. Is it safe to assume that a nonce may be validated more than once?
  44. Should nonce be sanitized?
  45. Using Nonces for AJAX that only retrieves data
  46. WordPress “Link has expired” error on updating posts
  47. How to verify nonce from Bulk/Quick Edit in save_post?
  48. WordPress failure when logging out
  49. Reduce nonce lifespan
  50. Ajax function returns -1
  51. Security around save_post hook
  52. wp_verify_nonce always returns false when logged in as admin
  53. how to get nonce using json api
  54. ajax and nonce when JavaScript is in a seperate file
  55. Confusion on WP Nonce usage in my Plugin
  56. Can I check for maintenance mode before redirecting to subdomain?
  57. AJAX requests broken due to HTTPS for wp-admin
  58. wp_nonce_url to users.php for deleting user not working
  59. How can I create a plugin installation link?
  60. Security checking in meta_box save is reluctant?
  61. How to check an ajax nonce in PHP
  62. wp_verify_nonce not working
  63. how to send Ajax request in wordpress backend
  64. WP Admin AJAX Security – using POST to include a relative URL
  65. wp_create_nonce() in REST API makes user->ID zero
  66. ajax nonce verification failing
  67. wp_create_nonce function doesn’t work inside a plugin?
  68. Nonce failing on form submission
  69. Found 2 elements with non-unique id (#_ajax_nonce) and (#_wpnonce)
  70. Why ajax doesn’t work on certain wordpress hooks?
  71. Custom login doesn’t work properly
  72. Woocommerce – Want to block a user agent from accessing specific product pages
  73. Is there value in using a wp_nonce for POST requests?
  74. Form Security: nonce vs. jQuery
  75. Nonce doesn’t validate in nopriv call
  76. Should I use wp_nonce_field on my contact form?
  77. Forms and WordPress Nonce
  78. Why does check_ajax_referer give a 403 error on https websites?
  79. WordPress is creating nonce as a logged in user but verifying it incorrectly
  80. How to use nonce
  81. Where to use nonce
  82. How to use the wpsnonce clone post link?
  83. Re-use Nonce in Repeating Event Signup Buttons
  84. How to add a WordPress Nonce for this form to avoid CSRF
  85. Reliable way to add nonce to HTTP Header in WordPress?
  86. On a multisite environment, get the subdomain value as variable
  87. wp_nonce vs jwt
  88. Using a nonce Content Security Policy header for style-src for inline style elements returns errors
  89. How to add a prefix to a WordPress post preview url?
  90. Time out opening second page in same browser with long running page load
  91. Fully caching WordPress site by CDN (eg. Cloudflare)
  92. wp-admin and wp-login.php not Accessible after Cloudflare
  93. Override plugin function to show invoices even if not logged in
  94. No Query String vs Ignore Query String in WordPress
  95. 403 Forbidden on site logo image upload
  96. Nonce and widget
  97. Is it necessary to use a WordPress nonce when allowing users to download public data?
  98. Can not login after moving to cloudflare and adding rules
  99. Wp doesn’t save meta box data
  100. Cron job for wp_cron.php running but not publishing scheduled posts
techhipbettruvabetnorabahisbahis forumuedusedueduseduseduseduedusedusedusedus