[✨] nonce on styles

[tzdesign]

Is your feature request related to a problem?

No

Describe the solution you'd like

I know that unsafe-inline in in CSP for style tags is totally ok, but I wish to have the possibility to have the nonce there anyway.

The style-tags should render with nonce if the shared map has a value for @nonce set like:

ev.sharedMap.set('@nonce', nonce);

I would do this myself, but _appendHeadStyle is so basic without additional data than ID and style, that I have no idea how to get the global context here.

Describe alternatives you've considered

unsafe-inline is ok, also suggested by google.

If you do online-banking software or similar high security apps, It would be good to have all tags secured by nonce.

Additional context

No response

[manucorporat]

is the nonce also needed for CSR rendering? or only for SSR rendering?

[manucorporat]

This should make it easier to implement:
QwikDev/qwik#4478

[tzdesign]

Thanks @manucorporat
This looks awesome.

Let me have a look at it after my vacation next week.

[gioboa]

is it still valid?

[tzdesign]

Still valid. Nobody is using prober CSP I guess.