Fix CSP for script-src with nonce on edge

[juliusknorr]

This fixes issues that may occur using MS Edge where the usage of a nonce for script-src was not indicated in the CSP headers.

https://learn.microsoft.com/en-us/microsoft-edge/web-platform/user-agent-guidance

Short summary for the user agent pattern, Edg/<Version> is the new way to detect instead of Edge/<Version>

• fix: Adjust user agent pattern for Edge
• fix: Add edge as supported user agent for CSPv3 nonces
• fix: Allow nonce in csp header also if no other reasons are given

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• Tests (unit, integration, api and/or acceptance) are included
• Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)

[susnux]

Alternative would be to throw away browserSupportsCspV3 and instead always use the nonce #10207

It seems like all our supported browsers support CSP nonce, if you find a browser that does not it probably will also not be able to parse our JS code.

[juliusknorr]

Makes sense, I'd still like to keep the commits here to be able to backport them to 28 and only do the full removal for master then.

[susnux]

Makes sense, I'd still like to keep the commits here to be able to backport them to 28 and only do the full removal for master then.

Sounds good, so just fixup the commits :)

[juliusknorr]

/backport to stable28

[Orchal]

Hi, it should, the pull request has been merged! I did not test yet