/Knowledge/sources/honojs__hono/llms-full/secure-headers-middleware-setting-content-security-policy-nonce-attribute--part-03--c5a94cdb134f.md
Secure Headers Middleware: Setting Content-Security-Policy > nonce at...
Secure Headers Middleware: Setting Content Security Policy nonce attribute (part 03) Source evidence: /Sources/honojs hono/provenance.md Canonical citation:...
Secure Headers Middleware: Setting Content-Security-Policy > nonce attribute (part 03)
Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#nonce-attribute
Summary
If you want to generate the nonce value yourself, you can also specify a function as the following: ```tsx const app = new Hono () const myNonceGenerator: ContentSecurityPolicyOptionHandler = (c) => { // This function is called on every...
Content
If you want to generate the nonce value yourself, you can also specify a function as the following:
const app = new Hono<{
Variables: { myNonce: string }
}>()
const myNonceGenerator: ContentSecurityPolicyOptionHandler = (c) => {
// This function is called on every request.
const nonce = Math.random().toString(36).slice(2)
c.set('myNonce', nonce)
return `'nonce-${nonce}'`
}
app.get(
'*',
secureHeaders({
contentSecurityPolicy: {
scriptSrc: [myNonceGenerator, 'https://allowed1.example.com'],
},
})
)
app.get('/', (c) => {
return c.html(
<html>
<body>
{/** contents */}
<script src='/js/client.js' nonce={c.get('myNonce')} />
</body>
</html>
)
})
Metadata
{
"chunk_index": 2,
"citation": "https://hono.dev/llms-full.txt#nonce-attribute",
"coverage_role": "overview",
"qualified_title": "Hono / llms-full / Secure Headers Middleware > Setting Content-Security-Policy > `nonce` attribute (3)",
"retrieved_at": "2026-07-02T05:51:01Z",
"section_index": 232,
"source_id": "/honojs/hono",
"source_type": "llms_full",
"target_label": "llms-full",
"title": "Secure Headers Middleware: Setting Content-Security-Policy > nonce attribute (part 03)",
"upstream_url": "https://hono.dev/llms-full.txt",
"version": "2026"
}