In order to have inline scripts and use a strict CSP, it's important to provide a nonce.

Spring Security's ContentSecurityPolicyHeaderWriter could generate a nonce if a {nonce} placeholder is in the policy directive configuration.

Then, it could be made available as a request attribute for use in views.
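A sketch of the behavior proposed above, written as a plain servlet filter. This is an added example, not Spring Security code or part of the original request; the class name `CspNonceFilter`, the attribute name `cspNonce`, and a policy template of the form `script-src 'self' 'nonce-{nonce}'` are assumptions made for illustration.

```java
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;

/** Hypothetical filter illustrating the proposal; not Spring Security's implementation. */
public class CspNonceFilter implements Filter {

    // Assumed names for this sketch; the page does not fix them.
    public static final String NONCE_ATTRIBUTE = "cspNonce";
    private static final String PLACEHOLDER = "{nonce}";
    private static final int NONCE_BYTES = 16; // 128 bits from a CSPRNG

    private final SecureRandom random = new SecureRandom();
    private final String policyTemplate;

    /** @param policyTemplate e.g. "script-src 'self' 'nonce-{nonce}'" (assumed format) */
    public CspNonceFilter(String policyTemplate) {
        if (policyTemplate == null || !policyTemplate.contains(PLACEHOLDER)) {
            throw new IllegalArgumentException("policy must contain " + PLACEHOLDER);
        }
        this.policyTemplate = policyTemplate;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Fresh value per request: a nonce reused across responses no longer
        // distinguishes the page's own inline scripts from injected markup.
        byte[] raw = new byte[NONCE_BYTES];
        random.nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);

        // Make the value available to views, which render <script nonce="..."> from it.
        request.setAttribute(NONCE_ATTRIBUTE, nonce);

        // Write the header before the chain runs, so it is set before the response commits.
        if (response instanceof HttpServletResponse) {
            ((HttpServletResponse) response).setHeader(
                    "Content-Security-Policy", policyTemplate.replace(PLACEHOLDER, nonce));
        }
        chain.doFilter(request, response);
    }
}
```

Responses carrying a nonce must not be served from a shared cache, since a cached page would replay the same nonce to every client.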