security::csp::nonce (public)

 security::csp::nonce [ -tokenname tokenname ]

Defined in packages/acs-tcl/tcl/security-procs.tcl

Generate a nonce token and return it. The nonce token can be used in content security policies (CSP2) for "script" and "style" elements. Desired Properties: generate a single unique value per request which is hard for a hacker to predict, it should only contain base64 characters (so hex is fine). For details, see https://www.w3.org/TR/CSP/

Switches:
-tokenname (optional, defaults to "__csp_nonce")
Returns:
nonce token
Author:
Gustaf Neumann

Testcases:
No testcase defined.
[ show source ]
Show another procedure: