CSP Nonce example for Fun With Flags UI

advanced_nonce_plug_and_router.ex

defmofule MyAppWeb.NoncePlug do
  import Plug.Conn
  
  def init(opts \\ []), do: opts
  
  def call(conn, _opts) do    
    style_nonce = :crypto.strong_random_bytes(16) |> Base.encode64(padding: false)
    script_nonce = :crypto.strong_random_bytes(16) |> Base.encode64(padding: false)
    conn
    |> assign(:my_app_style_nonce, style_nonce)
    |> assign(:my_app_script_nonce, script_nonce)
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  
  forward "/",
    FunWithFlags.UI.Router,
    namespace: "feature-flags",
    csp_nonce_assign_key: %{
      style: :my_app_style_nonce,
      script: :my_app_script_nonce
    }
  end

defmodule MyAppWeb.Endpoint do
  # ...
  plug(MyAppWeb.NoncePlug)
  # ...
  plug(MyAppWeb.Router)
end

simple_nonce_plug_and_router.ex

defmofule MyAppWeb.NoncePlug do
  import Plug.Conn
  
  def init(opts \\ []), do: opts
  
  def call(conn, _opts) do
    nonce = :crypto.strong_random_bytes(16) |> Base.encode64(padding: false)
    assign(conn, :my_app_nonce, nonce)
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  
  forward "/",
    FunWithFlags.UI.Router,
    namespace: "feature-flags",
    csp_nonce_assign_key: :my_app_nonce
  end

defmodule MyAppWeb.Endpoint do
  # ...
  plug(MyAppWeb.NoncePlug)
  # ...
  plug(MyAppWeb.Router)
end