Merge pull request #1229 from ministryofjustice/enable-nonce

Enable nonce for CSP

config/initializers/content_security_policy.rb

@@ -21,8 +21,8 @@
   end
 #
 #   # Generate session nonces for permitted importmap and inline scripts
-  # config.content_security_policy_nonce_generator = ->(request) { request.session[:session_id] }
-  # config.content_security_policy_nonce_directives = %w(script-src)
+  config.content_security_policy_nonce_generator = ->(request) { request.session[:session_id] }
+  config.content_security_policy_nonce_directives = %w(script-src)
 #
 #   # Report violations without enforcing the policy.
     config.content_security_policy_report_only = true