Bugs

Nonced tag helpers including nonce directive in csp has potential to break applications

Problem

Given an application with inline script tags, and a CSP that allows them with 'unsafe-inline', using nonced_javascript_tag will cause a nonce directive to appear in the CSP header. Modern browsers will then ignore the 'unsafe-inline' directive and all other script tags without a nonce will cease to be executed.