René's URL Explorer Experiment


Title: Support nonce-based Content Security Policy by ziqin · Pull Request #18499 · spring-projects/spring-security · GitHub

Open Graph Title: Support nonce-based Content Security Policy by ziqin · Pull Request #18499 · spring-projects/spring-security

X Title: Support nonce-based Content Security Policy by ziqin · Pull Request #18499 · spring-projects/spring-security

Description: Spring Security. Contribute to spring-projects/spring-security development by creating an account on GitHub.

Open Graph Description: This PR implements gh-10826. Introduction When strict Content Security Policy is used, web browsers block inline <script> or <style> blocks in HTML to mitigate XSS attacks injecting mal...

X Description: This PR implements gh-10826. Introduction When strict Content Security Policy is used, web browsers block inline &lt;script&gt; or &lt;style&gt; blocks in HTML to mitigate XSS attac...

Opengraph URL: https://github.com/spring-projects/spring-security/pull/18499

X: @github

direct link

Domain: patch-diff.githubusercontent.com

route-pattern/_view_fragments/voltron/pull_requests/show/:user_id/:repository/:id/pull_request_layout(.:format)
route-controllervoltron_pull_requests_fragments
route-actionpull_request_layout
fetch-noncev2:c8eeaff5-550f-3192-00c5-290d43c8da02
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-id82C8:156694:43297D2:584A74A:6992F15F
html-safe-noncef38d9493180ac978d53e24348db4301d52722cdd02529ee0ce3399b9c1acc228
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4MkM4OjE1NjY5NDo0MzI5N0QyOjU4NEE3NEE6Njk5MkYxNUYiLCJ2aXNpdG9yX2lkIjoiNzMzNzE3MzIwNzExNDUxMDY4NyIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9
visitor-hmac14a8a40e840647b8aacab9220e593b5bbb238bb3be9cec468edf2eecd30ede28
hovercard-subject-tagpull_request:3174652057
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/pull_requests_fragments/pull_request_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/voltron/pull_requests/show/spring-projects/spring-security/18499/pull_request_layout
twitter:imagehttps://opengraph.githubassets.com/146ef32ad0f89ed8235e165b5d96b241f54c0b29dfa7aff2d4c362e56380cb7c/spring-projects/spring-security/pull/18499
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/146ef32ad0f89ed8235e165b5d96b241f54c0b29dfa7aff2d4c362e56380cb7c/spring-projects/spring-security/pull/18499
og:image:altThis PR implements gh-10826. Introduction When strict Content Security Policy is used, web browsers block inline <script> or <style> blocks in HTML to mitigate XSS attacks injecting mal...
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernameziqin
hostnamegithub.com
expected-hostnamegithub.com
None01ab16879a3159e6f0717ab948b9b562e162a6aafd1f4393b786b07b747df244
turbo-cache-controlno-cache
go-importgithub.com/spring-projects/spring-security git https://github.com/spring-projects/spring-security.git
octolytics-dimension-user_id317776
octolytics-dimension-user_loginspring-projects
octolytics-dimension-repository_id3148979
octolytics-dimension-repository_nwospring-projects/spring-security
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id3148979
octolytics-dimension-repository_network_root_nwospring-projects/spring-security
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseb1570f3928bef80fa5fc7890ce0942e9b696ad9d
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#start-of-content
https://patch-diff.githubusercontent.com/
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fspring-projects%2Fspring-security%2Fpull%2F18499
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub SparkBuild and deploy intelligent appshttps://github.com/features/spark
GitHub ModelsManage and compare promptshttps://github.com/features/models
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fspring-projects%2Fspring-security%2Fpull%2F18499
Sign up https://patch-diff.githubusercontent.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fpull_requests_fragments%2Fpull_request_layout&source=header-repo&source_repo=spring-projects%2Fspring-security
Reloadhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
Reloadhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
Reloadhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
spring-projects https://patch-diff.githubusercontent.com/spring-projects
spring-securityhttps://patch-diff.githubusercontent.com/spring-projects/spring-security
Notifications https://patch-diff.githubusercontent.com/login?return_to=%2Fspring-projects%2Fspring-security
Fork 6.2k https://patch-diff.githubusercontent.com/login?return_to=%2Fspring-projects%2Fspring-security
Star 9.4k https://patch-diff.githubusercontent.com/login?return_to=%2Fspring-projects%2Fspring-security
Code https://patch-diff.githubusercontent.com/spring-projects/spring-security
Issues 1.2k https://patch-diff.githubusercontent.com/spring-projects/spring-security/issues
Pull requests 108 https://patch-diff.githubusercontent.com/spring-projects/spring-security/pulls
Actions https://patch-diff.githubusercontent.com/spring-projects/spring-security/actions
Projects 0 https://patch-diff.githubusercontent.com/spring-projects/spring-security/projects
Wiki https://patch-diff.githubusercontent.com/spring-projects/spring-security/wiki
Security 0 https://patch-diff.githubusercontent.com/spring-projects/spring-security/security
Insights https://patch-diff.githubusercontent.com/spring-projects/spring-security/pulse
Code https://patch-diff.githubusercontent.com/spring-projects/spring-security
Issues https://patch-diff.githubusercontent.com/spring-projects/spring-security/issues
Pull requests https://patch-diff.githubusercontent.com/spring-projects/spring-security/pulls
Actions https://patch-diff.githubusercontent.com/spring-projects/spring-security/actions
Projects https://patch-diff.githubusercontent.com/spring-projects/spring-security/projects
Wiki https://patch-diff.githubusercontent.com/spring-projects/spring-security/wiki
Security https://patch-diff.githubusercontent.com/spring-projects/spring-security/security
Insights https://patch-diff.githubusercontent.com/spring-projects/spring-security/pulse
ziqinhttps://patch-diff.githubusercontent.com/ziqin
spring-projects:mainhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/tree/main
ziqin:gh-10826https://patch-diff.githubusercontent.com/ziqin/spring-security/tree/gh-10826
Conversationhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
Commits4 (4)https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits
Checkshttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/checks
Files changedhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/files
Support nonce-based Content Security Policyhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#top
ziqinhttps://patch-diff.githubusercontent.com/ziqin
spring-projects:mainhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/tree/main
ziqin:gh-10826https://patch-diff.githubusercontent.com/ziqin/spring-security/tree/gh-10826
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
Jan 14, 2026https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#issue-3814485824
Please reload this pagehttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
gh-10826https://github.com/spring-projects/spring-security/issues/10826
86947cbhttps://github.com/spring-projects/spring-security/commit/86947cb22095865ac88e9aae6af1ac4dea5ca2b7
Please reload this pagehttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
https://patch-diff.githubusercontent.com/spring-projects-issues
spring-projects-issueshttps://patch-diff.githubusercontent.com/spring-projects-issues
status: waiting-for-triage https://patch-diff.githubusercontent.com/spring-projects/spring-security/issues?q=state%3Aopen%20label%3A%22status%3A%20waiting-for-triage%22
Jan 14, 2026https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#event-22051159730
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
force-pushedhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/36ac5aa33e28b2c24763e654bed02373c8ef0fc2..ed007c1617ceb0e4452f99c673644ac5e16b78ec
36ac5aahttps://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/36ac5aa33e28b2c24763e654bed02373c8ef0fc2
ed007c1https://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/ed007c1617ceb0e4452f99c673644ac5e16b78ec
Compare https://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/36ac5aa33e28b2c24763e654bed02373c8ef0fc2..ed007c1617ceb0e4452f99c673644ac5e16b78ec
January 14, 2026 20:57https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#event-22053261277
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
January 14, 2026 21:16https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#event-22053618069
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
Jan 14, 2026 https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#ref-issue-1130923282
Consider having ContentSecurityPolicyHeaderWriter supply a script nonce #10826 https://patch-diff.githubusercontent.com/spring-projects/spring-security/issues/10826
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
force-pushedhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/ed007c1617ceb0e4452f99c673644ac5e16b78ec..b18c078681b9e17adbd6c47c33e99b433e0bad73
ed007c1https://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/ed007c1617ceb0e4452f99c673644ac5e16b78ec
b18c078https://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/b18c078681b9e17adbd6c47c33e99b433e0bad73
Compare https://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/ed007c1617ceb0e4452f99c673644ac5e16b78ec..b18c078681b9e17adbd6c47c33e99b433e0bad73
January 15, 2026 04:04https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#event-22060027821
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
Jan 16, 2026 https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#ref-pullrequest-3801130281
Improve And/Or-RequestMatcher/ServerWebExchangeMatcher API #18479 https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18479
ziqinhttps://patch-diff.githubusercontent.com/ziqin
February 4, 2026 16:36https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#commits-pushed-86947cb
https://patch-diff.githubusercontent.com/ziqin
Fix method chaining for ContentSecurityPolicySpechttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/86947cb22095865ac88e9aae6af1ac4dea5ca2b7
86947cbhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/86947cb22095865ac88e9aae6af1ac4dea5ca2b7
https://patch-diff.githubusercontent.com/ziqin
Support nonce-based Content-Security-Policyhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/8da8283dffe1bff8b8ee39038523f0f72e435450
8da8283https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/8da8283dffe1bff8b8ee39038523f0f72e435450
spring-projectsgh-10826https://github.com/spring-projects/spring-security/issues/10826
https://patch-diff.githubusercontent.com/ziqin
Support configuring nonce-based Content-Security-Policyhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/c7799eac252477123c2e10017c9bc67c8e1e9055
c7799eahttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/c7799eac252477123c2e10017c9bc67c8e1e9055
spring-projectsgh-10826https://github.com/spring-projects/spring-security/issues/10826
https://patch-diff.githubusercontent.com/ziqin
Improve ContentSecurityPolicyServerHttpHeadersWriter Javadochttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/11df8ec9c798f325971e1f4db3990b456041ae02
11df8echttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499/commits/11df8ec9c798f325971e1f4db3990b456041ae02
https://patch-diff.githubusercontent.com/ziqin
ziqinhttps://patch-diff.githubusercontent.com/ziqin
force-pushedhttps://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/ac4725258fa9323bd1164718ffdfa7553bb3acfd..11df8ec9c798f325971e1f4db3990b456041ae02
ac47252https://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/ac4725258fa9323bd1164718ffdfa7553bb3acfd
11df8echttps://patch-diff.githubusercontent.com/spring-projects/spring-security/commit/11df8ec9c798f325971e1f4db3990b456041ae02
Compare https://patch-diff.githubusercontent.com/spring-projects/spring-security/compare/ac4725258fa9323bd1164718ffdfa7553bb3acfd..11df8ec9c798f325971e1f4db3990b456041ae02
February 4, 2026 08:50https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499#event-22521940473
https://github.co/hiddenchars
https://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/{{ revealButtonHref }}
Sign up for freehttps://patch-diff.githubusercontent.com/join?source=comment-repo
Sign in to commenthttps://patch-diff.githubusercontent.com/login?return_to=https%3A%2F%2Fgithub.com%2Fspring-projects%2Fspring-security%2Fpull%2F18499
status: waiting-for-triage https://patch-diff.githubusercontent.com/spring-projects/spring-security/issues?q=state%3Aopen%20label%3A%22status%3A%20waiting-for-triage%22
Please reload this pagehttps://patch-diff.githubusercontent.com/spring-projects/spring-security/pull/18499
https://patch-diff.githubusercontent.com/ziqin
https://patch-diff.githubusercontent.com/spring-projects-issues
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width

URLs of crawlers that visited me.