2023-07-05 15:11:16 +02:00
---
title: nonce contained invalid characters
---
2022-09-09 00:17:15 +02:00
2023-07-05 15:11:16 +02:00
## Why This Error Occurred
2022-09-09 00:17:15 +02:00
2023-09-02 00:13:49 +02:00
A request to your Next.js application contained a `Content-Security-Policy`
header with a `script-src` directive and `nonce` that contains
2022-09-09 00:17:15 +02:00
invalid characters (any one of `<>&` characters). For example:
- `'nonce-<script />'`: not allowed
- `'nonce-/>script<>'`: not allowed
- `'nonce-PHNjcmlwdCAvPg=='`: allowed
- `'nonce-Lz5zY3JpcHQ8Pg=='`: allowed
2023-07-05 15:11:16 +02:00
## Possible Ways to Fix It
2022-09-09 00:17:15 +02:00
2023-09-02 00:13:49 +02:00
We recommend using a randomly generated UUID for your nonce.
Learn more about how to use nonces with Next.js in our [Content Security Policy](/docs/app/building-your-application/configuring/content-security-policy) docs.
2022-09-09 00:17:15 +02:00
2023-07-05 15:11:16 +02:00
## Useful Links
2022-09-09 00:17:15 +02:00
2023-09-02 00:13:49 +02:00
- [Content Security Policy](/docs/app/building-your-application/configuring/content-security-policy)