Google Chrome Stripping nonce values from script tags
What’s described in the question is actually expected behavior — required per the HTML spec: https://html.spec.whatwg.org/multipage/#nonce-attributes:attr-nonce Elements that have a nonce content attribute ensure that the crytographic nonce is only exposed to script (and not to side-channels like CSS attribute selectors) by extracting the value from the content attribute, moving it into an internal slot … Read more