Contao Summit 2026 in Leipzig 15th and 16th October

csp_nonce - Twig Function

Info
This feature is available in Contao 5.3 and later.

This allows you to add CSP nonces for inline styles and scripts.

{# Generate nonce for inline JavaScript #}
<script{{ attrs().setIfExists('nonce', csp_nonce('script-src')) }}>
    alert('foo');
</script>

{# Generate nonce for inline styles #}
<style{{ attrs().setIfExists('nonce', csp_nonce('style-src')) }}>
    body {
        background-color: magenta;
    }
</style>

Arguments

  • directive: The CSP directive the nonce will be generated for.
Note

Contao overwrites the csp_nonce method from nelmio/security-bundle to which the call will also be forwarded to, if Contao’s CSP functionality is not active for the current request.