How to not cache nonces with WP Rocket?

Find the specific AJAX call URL and prevent that being cached with the WP-Rocket advanced rules settings. https://docs.wp-rocket.me/article/54-exclude-pages-from-the-cache. As per your comment, you need a strategy for not having the nonce in a file that can be cached such as javascript files, so as you said, use PHP to generate the nonce and pass it … Read more

Using a nonce Content Security Policy header for style-src for inline style elements returns errors

It seems like you added the nonce to the script-src directive but not to the style-src directive. This might be the reason that why scripts are working but styles are not. Possible solution: “style-src ‘self’ https://fonts.googleapis.com ‘nonce-“.tu_custom_nonce_value () .”‘;”. “script-src ‘self’ https://maps.googleapis.com https://www.googletagmanager.com https://ajax.googleapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com ‘nonce-“.tu_custom_nonce_value () .”‘;”;