Files
agentic-dev/apps/cms
Danijel Martinek cd61b31e65 fix(cms): thread a per-request nonce through the admin CSP
The prod CSP emitted script-src 'strict-dynamic' with no nonce seed,
blocking every Payload admin script (A8). Reuse the shared nonce-based
withSecurityHeaders: Payload admin pages are always dynamically
rendered, so Next propagates the nonce read from the forwarded
request's CSP header onto the admin's scripts.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-10 17:25:04 +02:00
..