EraCode practice

CSP for inline styles: add a nonce to your Cloudflare Worker HTML response

Cloudflareintermediatecoding

Summary

Return an HTML page from a **Cloudflare Worker** where a `<style>` tag is allowed by CSP without using `unsafe-inline`. - Generate a per-request nonce and apply it to the `<style>` tag. - Set a `Content-Security-Policy` header that allows only that nonce for `style-src`. - Keep everything else simple (just return the HTML + headers).

Problem preview

Return an HTML page from a **Cloudflare Worker** where a tag is allowed by CSP without using . - Generate a per-request nonce and apply it to the tag. - Set a header that allows only that nonce for .…

Attempt this challenge

Sign in to attempt the full challenge with timed AI grading, hints, and test feedback.

Sign in to attemptSee daily challenges