diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 4cf4b2a4d..e67cb25cf 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -33,6 +33,7 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
 parent::__construct($params, $theme);
 $this->extraheader = array('js'=>'', 'css'=>'');
 $this->footerjs = array();
+$this->nonces = array();
 }
 
 /**
@@ -57,11 +58,16 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
 * Content-Security-Policy since version 23+
 * 'worker-src blob:' is needed for cytoscape
 */
-$csp_rules = "script-src 'self' 'unsafe-eval';";
-$csp_rules .= "worker-src blob:;";
+$csp_rules = '';
+$csp_rules .= "script-src 'self' 'unsafe-eval'";
+if($this->nonces) {
+$csp_rules .= " 'nonce-".implode("' 'nonce-", $this->nonces)."'";
+}
+$csp_rules .= ";";
+$csp_rules .= " worker-src blob:;";
 //$csp_rules .= "style-src 'self';";
 /* Do not allow to embed myself into frames on foreigns pages */
-$csp_rules .= "frame-ancestors 'self';";
+$csp_rules .= " frame-ancestors 'self';";
 foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
 header($csp . ": " . $csp_rules);
 }
@@ -145,6 +151,12 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
 $this->extraheader[$type] .= $head;
 } /* }}} */
 
+function htmlAddJsHeader($script) { /* {{{ */
+$nonce = createNonce();
+$this->nonces[] = $nonce;
+$this->extraheader['js'] .= ''."\n";
+} /* }}} */
+
 function htmlEndPage($nofooter=false) { /* {{{ */
 if(!$nofooter) {
 $hookObjs = $this->getHookObjects('SeedDMS_View_Bootstrap');
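Review bot: `$this->nonces` is initialised in the constructor but no property declaration appears in this hunk; if the class does not declare it elsewhere, PHP 8.2+ emits a dynamic-property deprecation for it (as it would for `extraheader` and `footerjs`). Declare it next to those, e.g. `protected $nonces;`, or with a type, `protected array $nonces = [];`. The constructor body starts before this hunk.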
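Review bot: The `if($this->nonces)` branch reads the nonce list at the moment the header is built, so any `htmlAddJsHeader()` call made after this method has called `header()` produces a script block whose nonce is not in the policy and will be blocked; that ordering constraint is not documented anywhere in the hunk. A comment above the check would prevent the obvious mistake, e.g. `/* nonces must be registered via htmlAddJsHeader() before this header is sent */`. The comment block above also says nothing about the fact that `'unsafe-eval'` stays in script-src, so the nonces restrict which inline blocks may run but do not restrict eval-style execution; one sentence there would make the intended protection level clear. The enclosing method starts and ends outside this hunk.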
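Review bot: As displayed, the value appended on the `$this->extraheader['js'] .=` line is `''."\n"`, so neither `$nonce` nor `$script` reaches the page; most likely the `<script>` markup was stripped when this diff was rendered, but if the line really is empty the method registers a nonce that allows nothing and emits no script. The intended line would be `$this->extraheader['js'] .= '<script type="text/javascript" nonce="'.$nonce.'">'.$script.'</script>'."\n";`. The method also lacks the `/** … */` doc comment its siblings carry; it should state that each call generates a fresh nonce, that the nonce is added to the script-src policy only if the call happens before the CSP header is sent, and that because the nonce allow-lists the whole block, `$script` must be server-composed and any request-derived value inside it escaped for the JS context before being passed in. A per-call nonce also grows the header with every registered block; a single per-page nonce reused for all blocks is equally effective and keeps the header short, which is a style choice worth recording in that comment.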