44d1a1cb15
This PR is part of a larger effort to migrate error messages to MDX and use App Router: https://github.com/vercel/front/pull/23459
22 lines
684 B
Text
22 lines
684 B
Text
---
|
|
title: nonce contained invalid characters
|
|
---
|
|
|
|
## Why This Error Occurred
|
|
|
|
This happens when there is a request that contains a `Content-Security-Policy`
|
|
header that contains a `script-src` directive with a nonce value that contains
|
|
invalid characters (any one of `<>&` characters). For example:
|
|
|
|
- `'nonce-<script />'`: not allowed
|
|
- `'nonce-/>script<>'`: not allowed
|
|
- `'nonce-PHNjcmlwdCAvPg=='`: allowed
|
|
- `'nonce-Lz5zY3JpcHQ8Pg=='`: allowed
|
|
|
|
## Possible Ways to Fix It
|
|
|
|
Replace the nonce value with a base64 encoded value.
|
|
|
|
## Useful Links
|
|
|
|
- [Content Security Policy Sources](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources)
|