Is NONCE supported in ASP.NET when implementing the Content-Security-Policy header to protect from XSS?
I read that NONCE was not supported in ASP.NET; however, I read another simple article that shows how it is done. Does anyone use nonce for CSP headers? I was able to make my implementation work without it by using unsafe-inline tags for the inline JavaScript that is in my enterprise web app. It is not feasible to move the inline JS to external files, so the unsafe-inline src was recommended by the client.
I am wondering how many people actually use nonce or hash when implementing CSP. Also, any general best practices on CSP would be appreciated.
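
For reference, a per-request nonce for inline scripts in classic ASP.NET (System.Web), as an added example that is not part of the original post or any cited article. The module name `CspNonceModule`, the `Items` key and the `Current` helper are hypothetical, and the module is assumed to be registered under `<system.webServer><modules>` in web.config.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Hypothetical module (added example): issues a fresh CSP nonce per request.
public class CspNonceModule : IHttpModule
{
    private const string ItemKey = "csp-nonce"; // hypothetical HttpContext.Items key

    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            HttpContext ctx = ((HttpApplication)sender).Context;

            // 16 bytes from the CSPRNG: unpredictable and never reused
            // across responses, which is what makes the nonce meaningful.
            var bytes = new byte[16];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            string nonce = Convert.ToBase64String(bytes);
            ctx.Items[ItemKey] = nonce;

            // Weak policy this replaces:
            //   script-src 'self' 'unsafe-inline'
            // With a nonce, only <script> elements carrying the matching
            // nonce attribute execute; injected inline script does not.
            ctx.Response.AddHeader(
                "Content-Security-Policy",
                "script-src 'self' 'nonce-" + nonce + "'");
        };
    }

    // Used from markup on each inline block:
    //   <script nonce="<%= CspNonceModule.Current %>"> ... </script>
    public static string Current
    {
        get { return (string)HttpContext.Current.Items[ItemKey]; }
    }

    public void Dispose() { }
}
```

A nonce covers inline `<script>` elements only, so inline event-handler attributes such as `onclick="..."` are still blocked and must be rebound from script. Pages served from output cache would repeat the same nonce, so responses that carry one should not be cached.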