Hi,

https://github.com/apache/wicket/blob/e9461b0d115a7dbf4992596823521f6e038817d9/wicket-core/src/main/java/org/apache/wicket/core/random/ISecureRandomSupplier.java#L60
This is the relevant code. It looks OK to me.

Attachments are not allowed in the mailing list. Could you please copy/paste a nonce instance which is non-base64 according to Kali Linux?

Also please check that you don't use a custom NonceCreator - https://github.com/apache/wicket/blob/e9461b0d115a7dbf4992596823521f6e038817d9/wicket-core/src/main/java/org/apache/wicket/csp/ContentSecurityPolicySettings.java#L102

Martin

On Thu, Jan 4, 2024 at 4:51 AM sundar saba <sundarsabapa...@gmail.com> wrote:

> Hi all,
> I applied a strict content security policy to my application
> using Wicket after I tested my application using Kali Linux to check for
> vulnerabilities. The tool provides the report with an info message "Nonces
> should only use the base64 charset" regarding the info message needed to
> configure any properties in CSP. I attached the report screenshot. Can you
> all please give your suggestions.
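
One way to find the nonce value Martin asks for, as an added example that is not part of the thread or of Wicket: it pulls each nonce out of a `Content-Security-Policy` header value and reports which alphabet it uses, based on the CSP Level 3 `base64-value` grammar, which accepts both the standard (`+`, `/`) and URL-safe (`-`, `_`) characters. The function names and the header strings in the test are constructed for illustration.

```python
import re

# CSP Level 3 grammar:
#   nonce-source = "'nonce-" base64-value "'"
#   base64-value = 1*( ALPHA / DIGIT / "+" / "/" / "-" / "_" ) *2( "=" )
NONCE_SOURCE = re.compile(r"'nonce-(.*)'", re.IGNORECASE)
CSP3_VALUE = re.compile(r"[A-Za-z0-9+/\-_]+={0,2}")
STD_BASE64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")    # RFC 4648 section 4
URL_BASE64 = re.compile(r"[A-Za-z0-9\-_]+={0,2}")   # RFC 4648 section 5


def extract_nonces(csp_header):
    """Return the raw nonce values from every directive of a CSP header value."""
    nonces = []
    for directive in csp_header.split(";"):
        # The first token is the directive name, the rest are source expressions.
        for token in directive.split()[1:]:
            match = NONCE_SOURCE.fullmatch(token)
            if match:
                nonces.append(match.group(1))
    return nonces


def classify_nonce(value):
    """Name the alphabet a nonce uses, or 'invalid' if it breaks the CSP3 grammar."""
    if not CSP3_VALUE.fullmatch(value):
        return "invalid"      # empty, '=' in the middle, or characters outside both alphabets
    if STD_BASE64.fullmatch(value):
        return "base64"       # purely alphanumeric values land here as well
    if URL_BASE64.fullmatch(value):
        return "base64url"    # contains '-' or '_' and neither '+' nor '/'
    return "mixed"            # grammar-valid, but combines both alphabets


def audit(csp_header):
    """Pair every nonce found in the header with its classification."""
    return [(nonce, classify_nonce(nonce)) for nonce in extract_nonces(csp_header)]


if __name__ == "__main__":
    import sys
    # Paste the header value from the browser's network tab as the first argument.
    for nonce, kind in audit(sys.argv[1] if len(sys.argv) > 1 else ""):
        print(f"{kind:10} {nonce}")
```

A nonce reported as `base64url` or `mixed` is still valid CSP, so a scanner that flags it is applying a stricter alphabet than the specification requires; `invalid` points to a value worth pasting into the thread.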