How I implemented a modern, best-practice, nonce-based strict Content-Security-Policy in a Spring/Thymeleaf app
