Content Security Policy (CSP) should use the nonce attribute

#### Do you want to request a _feature_ or report a _bug_?
Bug

#### What is the current behavior?
To support a CSP with a nonce today you need to pass it to `registry.styles({ nonce })` and set a `<meta property="csp-nonce" content={nonce} />` tag. By using the `content` attribute the nonce is not hidden. 

See this screenshot as an example, the nonce on the meta tag is visible (since it sets the nonce on `content`), but on the style tag it is hidden (since it sets the nonce on `nonce`):
![image](https://github.com/user-attachments/assets/5327443d-ebb8-4910-86f3-4405a7a6bd1e)

#### What is the expected behavior?
Best practice is instead to use `nonce` which will hide it and protect it from being stolen, [as seen here](https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce#accessing_nonces_and_nonce_hiding).

#### Environment (include versions)

- Version of styled-jsx (or next.js if it's being used): Next 15.0.2
- Browser: N/A
- OS: N/A

#### Did this work in previous versions?
The `content` attribute seems to have been used since the original implementation: #482 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Content Security Policy (CSP) should use the nonce attribute #854

Do you want to request a feature or report a bug?

What is the current behavior?

What is the expected behavior?

Environment (include versions)

Did this work in previous versions?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Content Security Policy (CSP) should use the nonce attribute #854

Description

Do you want to request a feature or report a bug?

What is the current behavior?

What is the expected behavior?

Environment (include versions)

Did this work in previous versions?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions