#566 [MEDIUM] security_headers.py CSP nonce generated but unused

closed medium Created 2025-12-17 16:32 · Updated 2026-01-02 06:26

Description

CSP nonce is generated on every request but never actually used in responses. This is wasted computation. Options: 1) Remove nonce generation if not needed 2) Actually use nonce in script-src directive 3) Make nonce generation lazy.
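
Options 2 and 3 can be combined, as in this added sketch (not code from security_headers.py): the nonce is created only when a template asks for it, and script-src carries it only then. The names `CspNonce`, `build_csp`, `render_inline_script` and `handle_request`, and the base policy shown, are assumptions for illustration.

```python
import secrets


class CspNonce:
    """Per-request nonce holder; the random value is created on first use only."""

    def __init__(self):
        self._value = None

    @property
    def value(self):
        if self._value is None:
            # 128 bits from the OS CSPRNG, base64url-encoded (valid nonce-source chars)
            self._value = secrets.token_urlsafe(16)
        return self._value

    @property
    def used(self):
        # True only if something read .value during this request
        return self._value is not None


def build_csp(nonce):
    """Build the header value; add the nonce source only if it was requested."""
    script_src = ["'self'"]
    if nonce.used:
        script_src.append(f"'nonce-{nonce.value}'")
    # Assumed base policy; the real directives live in security_headers.py
    return "; ".join(["default-src 'self'", "script-src " + " ".join(script_src)])


def render_inline_script(nonce, js):
    """Emit an inline script tag with the request nonce (triggers generation).

    js must be trusted, server-authored script text, never request data.
    """
    return f'<script nonce="{nonce.value}">{js}</script>'


def handle_request(inline_js=None):
    """Constructed handler: returns (body, csp_header) for one response."""
    nonce = CspNonce()  # new holder per request, so nonces are never reused
    body = "<p>hello</p>"
    if inline_js is not None:
        body += render_inline_script(nonce, inline_js)
    # Build the header after rendering so it reflects whether the nonce was used
    return body, build_csp(nonce)
```

The header has to be built after the body is rendered; building it first would always omit the nonce and the browser would block the inline script.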
