Power Platform Community Forum Thread Details

For CSP's 'nonce', what is Power Pages' server?

Hi community,

I'm building a report regarding the benefits of enabling 'nonce' in the script-src of Power Pages' CSP settings. Our IT team is enforcing that hashes shouldn't be visible when inspecting the website because it might cause security issues when we deploy the website. But this is clearly wrong, based on my understanding, as the hash generated by 'nonce' is unique every single time.

Reading forums and articles about this, when nonce is enabled it enables inline scripts and events in our website. But I want to further understand how the hashes are matched from the generated nonce and the server. These forums and articles do mention server a lot, what is this server? What server is Power Pages operating on? Is the inline scripts and event hashes located in the server? I want to understand how the generated nonce would match the ones in the server and how hackers may have a hard time hacking our site.

Could anyone brief me on this? Could you provide more helpful articles or forums?

I apologize in advance if my second paragraph is disorganized list of questions. I hope you get what I want to know. Thank you!

Categories:

General

Settings

Quick Links

Leaderboard > Power Pages