I am working on a Next.js (Pages Router) application and need to configure Content Security Policy (CSP) to allow only specific scripts and blocking all others. The challenge is that my application dynamically loads scripts from various sources, including ads and third-party integrations. I want to set up CSP in such a way that only scripts from a defined list of trusted sources are allowed, and all other scripts are blocked.
I tried nonce but if i set it it also block my internal scripts.