Sometime we have inline scripts need to allow the execution in a Content Security Policy (CSP), here is our JavaScript snippet:
<script>showHello();<script>
You could use openssl to generate the hash value, which will be installed by default on most linux system, just like below:
echo -n 'showHello();' | openssl sha256 -binary | openssl base64
If you use the entire code to compute the SHA-256 hash value, you'll get the value:
ziuYZCxAULHgmKBeN0a7ywKsu8z+0V9IXrJ+3I3pCKY=
Finally, we can add the hash to our Content-Security-Policy header, as example below:
script-src 'self' 'ziuYZCxAULHgmKBeN0a7ywKsu8z+0V9IXrJ+3I3pCKY='