diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 795d8cc8642b4481ed8d8c66ec8b723a663393f5..f4743369e6e619eaffc53e2b9ad2e66a9f52cb27 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -58,7 +58,11 @@ class ContentSecurityPolicyNonceManager {
 	 */
 	public function getNonce(): string {
 		if($this->nonce === '') {
-			$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
+			if (empty($this->request->server['CSP_NONCE'])) {
+				$this->nonce = base64_encode($this->csrfTokenManager->getToken()->getEncryptedValue());
+			} else {
+				$this->nonce = $this->request->server['CSP_NONCE'];
+			}
 		}
 
 		return $this->nonce;
diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
index 3211a5284f8ef6f89eb6c6d3cdabc6b133d8f6b9..705a0b22db88d73fd348ffbd6c438f15b337ca5f 100644
--- a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
+++ b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php
@@ -21,23 +21,26 @@
 
 namespace Test\Security\CSP;
 
+use OC\AppFramework\Http\Request;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OC\Security\CSRF\CsrfToken;
 use OC\Security\CSRF\CsrfTokenManager;
-use OCP\IRequest;
 use Test\TestCase;
 
 class ContentSecurityPolicyNonceManagerTest extends TestCase  {
 	/** @var CsrfTokenManager */
 	private $csrfTokenManager;
+	/** @var Request */
+	private $request;
 	/** @var ContentSecurityPolicyNonceManager */
 	private $nonceManager;
 
 	public function setUp() {
 		$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
+		$this->request = $this->createMock(Request::class);
 		$this->nonceManager = new ContentSecurityPolicyNonceManager(
 			$this->csrfTokenManager,
-			$this->createMock(IRequest::class)
+			$this->request
 		);
 	}
 
@@ -56,4 +59,20 @@ class ContentSecurityPolicyNonceManagerTest extends TestCase  {
 		$this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
 		$this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce());
 	}
+
+	public function testGetNonceServerVar() {
+		$token = 'SERVERNONCE';
+		$this->request
+			->method('__isset')
+			->with('server')
+			->willReturn(true);
+
+		$this->request
+			->method('__get')
+			->with('server')
+			->willReturn(['CSP_NONCE' => $token]);
+
+		$this->assertSame($token, $this->nonceManager->getNonce());
+		$this->assertSame($token, $this->nonceManager->getNonce());
+	}
 }