Good day. I had a problem with the inclusion of CSP on the site. I enabled Content-Security-Policy-Report-Only in the nginx.conf file. The following error occurred in the console
adsbygoogle.js: 37 [Report Only] Refused to apply inline style policy directive: "style-src http://example.com ". Either the 'unsafe-inline' keyword, a hash ('sha256-c + dT7QO / wB / DJJUeioTL / YNq09s5o1WF1vk5RjJU / 4I ='), or a nonce ('nonce -...') (anonymous function) @ adsbygoogle.js: 37
I was looking for a solution to the problem. But everywhere it is advised to include unsafe-inline . I think it is unsafe. A more reliable option would be to use nonce- . But for this you need to enable the generation of hash in the nginx configs and transfer it to files to attach to the scripts. But I do not know how to implement it. I thought even to try md5 (secret word + today's date). But this too cannot be used in the nginx configuration. Please help with the question or at least give a link to the article. I ask you in advance not to recommend the inclusion of CSP in PHP files.
