Use a base64 hash if a nonce isn't available in the session

config/initializers/content_security_policy.rb

@@ -55,7 +55,7 @@
   # Suggested nonce generator doesn't work on first page load https://github.com/rails/rails/issues/48463
   # Related PR attempting to fix: https://github.com/rails/rails/pull/48510
   request.session.send(:load_for_write!) # force session to be created
-  request.session.id.to_s.presence || raise("No session ID available in #{request.inspect}")
+  request.session.id.to_s.presence || SecureRandom.base64(16)
 }
 Rails.application.config.content_security_policy_nonce_directives = %w[script-src style-src]