Symfony uses nonces in the development web toolbar like this :
<div id="sfwdtd61de8" class="sf-toolbar sf-display-none"></div><script
nonce=ca6666b27bc9c402c16192e4b43bbdaa>
etc and then, since the nonces are dynamically generated, i can't use in my vhost this kind of code for Content Security Policy :
Header set Content-Security-Policy script-src 'self' 'nonce-
ca6666b27bc9c402c16192e4b43bbdaa'
So what am i supposed to do in order to whitelist the web developer toolbar code ?
I'm using :
- Symfony 3.3.2
- Apache 2.4.25
- PHP 7.1.2