codeigniter4
diff --git a/‎changelogs/v4.7.1.html‎
Lines changed: 1 addition & 0 deletions b/‎changelogs/v4.7.1.html‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎searchindex.js‎
Lines changed: 1 addition & 1 deletion b/‎searchindex.js‎
Lines changed: 1 addition & 1 deletion
@@ -345,6 +345,7 @@ <h2><a class="toc-backref" href="#id7" role="doc-backlink">Bugs Fixed</a><a clas
 <ul class="simple">
 <li><p><strong>ContentSecurityPolicy:</strong> Fixed a bug where custom CSP tags were not removed from generated HTML when CSP was disabled. The method now ensures that all custom CSP tags are removed from the generated HTML.</p></li>
 <li><p><strong>ContentSecurityPolicy:</strong> Fixed a bug where <code class="docutils literal notranslate"><span class="pre">generateNonces()</span></code> produces corrupted JSON responses by replacing CSP nonce placeholders with unescaped double quotes. The method now automatically JSON-escapes nonce attributes when the response Content-Type is JSON.</p></li>
+<li><p><strong>ContentSecurityPolicy:</strong> Fixed a bug where nonces generated by <code class="docutils literal notranslate"><span class="pre">getScriptNonce()</span></code> and <code class="docutils literal notranslate"><span class="pre">getStyleNonce()</span></code> were not added to the <code class="docutils literal notranslate"><span class="pre">script-src-elem</span></code> and <code class="docutils literal notranslate"><span class="pre">style-src-elem</span></code> directives, causing nonces to be silently ignored by browsers when those directives were present.</p></li>
 <li><p><strong>Database:</strong> Fixed a bug where <code class="docutils literal notranslate"><span class="pre">BaseConnection::callFunction()</span></code> could double-prefix already-prefixed function names.</p></li>
 <li><p><strong>Database:</strong> Fixed a bug where <code class="docutils literal notranslate"><span class="pre">BasePreparedQuery::prepare()</span></code> could mis-handle SQL containing colon syntax by over-broad named-placeholder replacement. It now preserves PostgreSQL cast syntax like <code class="docutils literal notranslate"><span class="pre">::timestamp</span></code>.</p></li>
 <li><p><strong>Model:</strong> Fixed a bug where <code class="docutils literal notranslate"><span class="pre">BaseModel::updateBatch()</span></code> threw an exception when <code class="docutils literal notranslate"><span class="pre">updateOnlyChanged</span></code> was <code class="docutils literal notranslate"><span class="pre">true</span></code> and the index field value did not change.</p></li>