GitHub

A tiny NONCE generator with variable time-outs and individual salts, no database required.

You have to define a secret on the server side and pass it to the generate() and check() methods as the first argument. The secret string must be at least 10 characters long. The seconds argument to ...
GitHub

Suggested CSP nonce generator doesn't work the first time a page is loaded

# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } If a cookie containing the session ID doesn't exist when this suggested nonce generator is executed (usually ...