Having a content security policy on one’s website is a good way to provide an extra layer of security on one’s site.
I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes. On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces. The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that’s how it works well on desktop. The problem is that on mobile it’s acting as if the hashes and nonces didn’t exist. Any tips are appreciated.