juunas11/aspnetcore-security-headers

nonce is generating with + symbol but .net core is encoding it

mohdyasar opened this issue · 1 comments

mohdyasar commented

Hi we are using the middleware and its adding nonce but the issue is .net core 6.0. is encoding it while rendering

Actual NONCE generated in header is "+hyKZ6j52YWMS+/2quPZ6Eyzy6W1gW3JjHJXjn+z+bA="

The encoded header rendered in the script tag is below

<script nonce="&#x2B;hyKZ6j52YWMS&#x2B;/2quPZ6Eyzy6W1gW3JjHJXjn&#x2B;z&#x2B;bA=">
Due to the "+" symbol .net is encoding and the nonce is not matching any pointers please help.

thanks

marthijn commented

I think this is fixed in PR #33 , @juunas11 can you merge this?