How can you dynamically add a nonce value to your Django CSP header to allow inline scripts safely?

Difficulty: hard · Application · Q9 of 15
Django - Security Best Practices

A. Set CSP header to "script-src 'unsafe-inline'" to allow all inline scripts
B. Generate a random nonce per request and include it in the CSP header and script tags
C. Disable CSP for inline scripts by removing script-src directive
D. Use a fixed nonce value hardcoded in settings.py
Step-by-Step Solution
Solution:
  1. Step 1: Understand nonce usage in CSP

    A nonce is a random token generated per request that allows specific inline scripts to run safely while everything else stays blocked by the policy.
  2. Step 2: Implement nonce in Django

    Generate a random nonce in middleware, add it to the CSP header as 'nonce-<value>', and add the same nonce to the inline script tags it should authorize.
  3. Step 3: Avoid unsafe-inline and fixed nonce

    Using 'unsafe-inline' disables CSP protection for inline scripts; a fixed nonce is predictable and defeats the security purpose.
  4. Final Answer:

    Generate a random nonce per request and include it in the CSP header and script tags -> Option B
  5. Quick Check:

    Dynamic nonce per request = Generate a random nonce per request and include it in the CSP header and script tags [OK]
Quick Trick: Use dynamic nonce per request for safe inline scripts [OK]
Common Mistakes:
  • Using 'unsafe-inline', which weakens security
  • Hardcoding the nonce value
  • Removing the script-src directive entirely
