Just learning about all this, so this was very VERY helpful in understanding the use of "strict-dynamic", "nonce", and using them in conjunction with one another.

03:35 Templates 04:09 auto-escaping doesn't always work, django, rails, safe, react 05:29 HTTP header read list who can access resources on your page 06:11 pinterest, CSP script-src, whitelist 07:14 others directive 07:24 object-src

Thanks for nice explanation on CSP and nonce concepts

please put the resources in the description