ContentSecurityStrategy

ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.

API

constructor

constructor(public nonce?: string)
  • nonce enables whitelisting inline script or styles in order to avoid using unsafe-inline in script-src and style-src directives.

applyCSP

applyCSP(element: HTMLScriptElement | HTMLStyleElement): void

This method maps the aforementioned properties to the given element.

LooseContentSecurityPolicy

LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.

NoContentSecurityPolicy

NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.

Predefined Content Security Strategies

Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.

Loose

CONTENT_SECURITY_STRATEGY.Loose(nonce: string)

nonce will be set.

None

CONTENT_SECURITY_STRATEGY.None()

Nothing will be done.

See Also

Contributors


Last updated: April 07, 2020 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

Building Modular Monolith Applications Using .NET and ABP Framework

17 Oct, 17:00
Online
Watch the Event
Mastering ABP Framework Book
Mastering ABP Framework

This book will help you gain a complete understanding of the framework and modern web application development techniques.

Learn More