Does it make sense to check a nonce on user log in?
Unable to update plugins or log out
Whether a nonce is required for get type and get_query_var?
Turning off a cache plugin, Fast Cache in this case, and adding "define('WP_CACHE', false);" to the wp-config.php file seems to have resolved this issue.
How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
Find the specific AJAX call URL and prevent that being cached with the WP-Rocket advanced rules settings. https://docs.wp-rocket.me/article/54-exclude-pages-from-the-cache. As per your comment, you need a strategy for not having the nonce in a file that can be cached such as javascript files, so as you said, use PHP to generate the nonce and pass it …
wp_verify_nonce not working on the mobile device
Use wp_logout_url() https://developer.wordpress.org/reference/functions/wp_logout_url/ <a href="<?php echo wp_logout_url(); ?>">Logout</a>
It seems like you added the nonce to the script-src directive but not to the style-src directive. This might be the reason why scripts are working but styles are not. Possible solution: "style-src 'self' https://fonts.googleapis.com 'nonce-" . tu_custom_nonce_value() . "';" . "script-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://ajax.googleapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com 'nonce-" . tu_custom_nonce_value() . "';";
Thank you for your answer, you are absolutely right. I also corrected my mistake. I'll post the code if it helps. Code for Cloudflare Workers: https://gist.github.com/richie5um/b2999177b27095af13ec619e44742116 Code for WordPress: add_filter( 'script_loader_tag', 'add_nonce_to_script', 10, 3 ); function add_nonce_to_script( $tag, $handle, $source ) { $search = "type=\"text/javascript\""; $replace = "type=\"text/javascript\" nonce=\"\""; $subject = $tag; $output = …