ContentSecurityPolicy options #47
Assignees
Labels
Comments
|
This is a good idea. Will look into adding this when time permits. Thanks for the information. |
|
After looking at the CSP spec closer. I can't allow this as library default. But i think i can expose a method for users to supply there own values if they choose to use it. This will be included in a future update. |
|
Sure thing, I was also thinking that it would be an optional thing that could be applied if it fit in your specific scenario (specifying the nonce, sha etc when integrating in the Razor view) |
|
This has been added to 3.0.2. See docs for example. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for the great library.
Would you consider some support for handling ContentScurityPolicies as part of the library?
When I am integrating this, I need to adjust our CSP headers and add a few google sites (see https://developers.google.com/recaptcha/docs/faq#im-using-content-security-policy-csp-on-my-website.-how-can-i-configure-it-to-work-with-recaptcha). Would it be possible to allow for optionally setting the nonces to support both for the scripts loaded from google but also for the inline script (which seem to require the
unsafe-linevalue to be added to thescript-src)?The text was updated successfully, but these errors were encountered: