Support nonce-based CSP
pmmmwh opened this issue · 1 comments
pmmmwh commented
When using a nonce-based strict CSP, the speed-insights script will be blocked by the browser.
Is support for a nonce
config option something acceptable?
Ref:
https://nextjs.org/docs/pages/building-your-application/configuring/content-security-policy
https://csp.withgoogle.com/docs/strict-csp.html
pmmmwh commented
Seems to be a non-issue if injected properly within the same script + strict-dynamic
.