ContentSecurityStrategy

ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.

API

constructor

constructor(public nonce?: string)
JavaScript
  • nonce enables whitelisting inline script or styles in order to avoid using unsafe-inline in script-src and style-src directives.

applyCSP

applyCSP(element: HTMLScriptElement | HTMLStyleElement): void
JavaScript

This method maps the aforementioned properties to the given element.

LooseContentSecurityPolicy

LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.

NoContentSecurityPolicy

NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.

Predefined Content Security Strategies

Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.

Loose

CONTENT_SECURITY_STRATEGY.Loose(nonce: string)
JavaScript

nonce will be set.

None

CONTENT_SECURITY_STRATEGY.None()
JavaScript

Nothing will be done.

See Also

Contributors

Avatar hikalkan
Last updated: July 31, 2024 Edit this page on GitHub

Was this page helpful?

Please make a selection.

To help us improve, please share your reason for the negative feedback in the field below.

Please enter a note.

Thank you for your valuable feedback!

Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.

In this document
Community Talks

Deep Dive #1: Identity&Account Modules

17 Apr, 17:00
Online
Watch the Event
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book