Interface CspProvider

  • All Known Implementing Classes:
    CspProviderImpl

    public interface CspProvider
    Used to provide Content Security Policy (CSP) headers and nonces.

    Developers can implement this interface to customize CSP header generation and nonce management for their applications.

    The provider is responsible for:

    • Setting appropriate CSP headers on HTTP responses based on the configuration
    • Generating and managing cryptographically secure nonces for inline scripts
    Since:
    10.3.0
    Author:
    peakerlee
    • Method Detail

      • setCspHeader

        void setCspHeader(Execution exec,
                          Configuration config)
        Sets the CSP header for the given execution based on the configuration.

        The headers actually applied depend on the provided configuration, including whether report-only mode is enabled and whether a custom policy is specified.

        Parameters:
        exec - the execution being processed
        config - the CSP configuration
        Since:
        10.3.0
      • getCspNonce

        java.lang.String getCspNonce()
        Returns the current CSP nonce for use in inline scripts, generating a new one if no nonce is available.

        If a nonce has already been generated for the current execution, it is returned; otherwise, a new cryptographically secure, Base64-encoded nonce is generated. The nonce is typically used for inline script tags in strict-dynamic mode but can be retrieved regardless of the mode.

        Returns:
        the current CSP nonce
        Since:
        10.3.0
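
The per-execution nonce reuse and the report-only versus enforcing header choice described above, as an added example that is not the library's own code and does not implement this interface. The `Request` class, the attribute key, the 16-byte nonce length, the default policy string, and the rule that a custom policy replaces the default are all assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration; uses no library types. "Request" stands in for one execution.
public class CspNonceSketch {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String NONCE_ATTR = "example.csp.nonce"; // hypothetical attribute key

    /** Hypothetical stand-in for per-execution state and response headers. */
    static class Request {
        final Map<String, Object> attributes = new HashMap<>();
        final Map<String, String> responseHeaders = new HashMap<>();
    }

    /** Returns the nonce cached for this request, generating it on first use. */
    static String getNonce(Request req) {
        return (String) req.attributes.computeIfAbsent(NONCE_ATTR, k -> {
            byte[] raw = new byte[16]; // 128 bits from a CSPRNG (assumed length)
            RNG.nextBytes(raw);
            return Base64.getEncoder().encodeToString(raw);
        });
    }

    /** Sets the enforcing or report-only header; a custom policy, if given, replaces the default (assumption). */
    static void setHeader(Request req, boolean reportOnly, String customPolicy) {
        String policy = (customPolicy != null && !customPolicy.isEmpty())
                ? customPolicy
                : "script-src 'nonce-" + getNonce(req) + "' 'strict-dynamic'; object-src 'none'; base-uri 'none'";
        String name = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
        req.responseHeaders.put(name, policy);
    }

    public static void main(String[] args) {
        Request first = new Request();
        setHeader(first, false, null);
        // The nonce in the header and the one on inline <script> tags must be the same value.
        String n = getNonce(first);
        System.out.println(first.responseHeaders);
        System.out.println("<script nonce=\"" + n + "\">/* inline */</script>");
        System.out.println("same within request: " + n.equals(getNonce(first)));

        Request second = new Request();
        setHeader(second, true, null);
        System.out.println("differs across requests: " + !n.equals(getNonce(second)));
        System.out.println(second.responseHeaders.keySet());
    }
}
```

A nonce reused across responses or derived from a non-cryptographic generator can be predicted by injected markup, which is why the value is generated once per request from `SecureRandom` and never stored beyond it.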