CSP Warning for http:'nonce-......'

We are getting a warning for the CSP.

Content-Security-Policy: Failed to parse unrecognised source http:'nonce-CsqgAsImcPbw75pXcaCQ8pd2nV9Pbsma'

We are using the default CSP Integration, I don’t remember seeing this previously, so it might be a recent error.

Any ideas anyone?

Where are you seeing this warning? I tried visiting your site and didn’t see anything.

Hi hrishikesh thanks for your reply, I should have mentioned the warning was in the browser console, but it seems only in Firefox (not Chrome or Safari)
Content-Security-Policy: Failed to parse unrecognised source http:'nonce-0Mz+C7I2cBxSy/lHNNZ4FiKw3DmQZEJc'

Maybe it is just a browser issue?

Actually, it also appears in the Lighthouse Report on Chrome and Firefox

The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'http:'nonce-N22NBsjFYA9PvsIO0QYRLTwEHcUd53re''. It will be ignored.

Any ideas?

hi are you still having issues with this? Sorry we missed this response on your thread.

Hi SamO, yes still a similar issue on Firefox, but it has changed, no longer the nonce error but:

Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified shoesforindustry.net
Content-Security-Policy: Ignoring “'self'” within script-src: ‘strict-dynamic’ specified shoesforindustry.net
Content-Security-Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified shoesforindustry.net
Content-Security-Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified shoesforindustry.net
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified

It’s likely a Firefox issue: javascript - Content security policy including a script - Stack Overflow