generate helmet config inside generator function so nonce is in context