commit 7c9b33625aeacb10128d39e8a389053e77b058c0
author Lukasz Lenart <lukaszlenart@apache.org> Wed Mar 06 07:07:33 2024 +0100
committer GitHub <noreply@github.com> Wed Mar 06 07:07:33 2024 +0100
tree 37c67cc26e4b36e1b00beef6ff2f83baceedf25c
parent df112b878d00e139874c72f74dc0044901d98ccd
parent 40b9ca3d00ce9de0466e4fcb4f6a9b69cbb10fc2

Merge pull request #230 from eschulma/patch-1

Update csp-interceptor.md

source/core-developers/csp-interceptor.md

diff --git a/source/core-developers/csp-interceptor.md b/source/core-developers/csp-interceptor.md
index 83b99f3..2f03623 100644
--- a/source/core-developers/csp-interceptor.md
+++ b/source/core-developers/csp-interceptor.md
@@ -25,11 +25,14 @@
 
 CSP is now supported by all major browsers. [More information about CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
 
+The interceptor adds a nonce value automatically to to `<s:script>` and `<s:link>` tags. This provides a painless way to
+implement CSP in a highly secure fashion.
+
 ## Parameters
 
 - `enforcingMode` (default `false`) - When set to "true", the enforce mode has been enabled, and the provided policy 
   is going to be enforced.
-- `reportUri` - an uri under, which the violations have to be reported.
+- `reportUri` - an uri under which the violations will be reported.
 - `prependServletContext` (default `true`) - a flag to prepend or not the Servlet context to the `reportUri`  
 
 ## Report action