A separate policy with more nonces works correctly with `strict-dynamic` in the script-src directive.

Summary

Harness status: OK

Found 2 tests

2 Pass

Result

Test Name

Message

Pass

Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.

Asserts run

Pass	assert_equals("script-src-elem", "script-src-elem") at Test.<anonymous> ( /content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html:31:17)

Pass

Script injected via `appendChild` with a correct nonce is allowed with `strict-dynamic` + a nonce-only double policy.

Asserts run

No asserts ran