Better naming for nonce meta tag

[DavidPetrasek]

I propose changing the name from:
<meta name="csp-nonce" ... >
to:
<meta name="csp-style-nonce" ... >
... which is clear, since there can be a script nonce as well.

[brunoprietog]

Thanks for the proposal, but I don't think it's worth making such a change. Don't see the value.

[DavidPetrasek]

There is a value. It happened to me that I was passing a script nonce as a value to this meta tag, and things were not working well. Then I found out it needs to be a style nonce.

[brunoprietog]

Just include a random uuid, like this:

<meta name="csp-nonce" content="03204eb84932e2af821e2fbdca66232a">

[DavidPetrasek]

Ok, but I already have a style and script nonce, then why should I generate another one? That would mean unnecessary overhead and confusion at the same time.

[brunoprietog]

You don't have to generate another one, just use the one you already have. That nonce can be included in the header directives for script and style. They don't necessarily have to be different. In fact, they should be the same. That nonce is used by Turbo not only for styles but also to activate scripts in some cases.