Security.nonce ViewHelper <f:security.nonce>
ViewHelper to retrieve (and consume) a nonce attribute from the global server request object pool, or from the PolicyProvider service as a fall-back value.
Go to the source code of this ViewHelper: Security\NonceViewHelper.php (GitHub).
Arguments
The following arguments are available for the security.nonce ViewHelper:
directive
-
- Type
- string
Value of the CSP directive
scope
-
- Type
- string
- Default
- 'inline'
`inline` or `static`
Examples
Basic usage
<script nonce="{f:security.nonce()}">const inline = 'script';</script>
Copied!