💉Nonce Injection
Corgi can automatically inject nonce attributes into script elements to be used with a Content Security Policy.
To enable nonce injection, simply place a compiler directive above the func header, with a Go expression retrieving the nonce:
import "context"
//corgi:nonce ctx.Value("nonce")
func Foo(ctx context.Context)
script
> let foo = "bar"nonce := make([]byte, 16)
if _, err := rand.Read(nonce); err != nil {
panic(err)
}
nonceB64 := base64.StdEncoding.ToString(nonce)
ctx := context.WithValue(context.Background(), "nonce", nonceB64)
Foo(ctx)<script nonce="8IBTHwOdqNKAWeKl7plt8g==">
let foo = "bar"
</script>Last updated
Was this helpful?