We are using Express (Node.js) and helmet to set the contentSecurityPolicy (CSP). Now I want to read the nonce value which was generated in the Angular component.ts in step 1 and set it in scriptSrc.
app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'", "https://www.google-analytics.com/analytics.js", "'unsafe-eval'", "'???? How to set dynamic nonce??'"],
  }
}));
I am setting a dynamic UUID value as the nonce but am unable to read the value and set it as the contentSecurityPolicy (CSP) nonce. I am getting an error while loading the page.
Is there any way to read the dynamically generated nonce value in the Angular component.ts and set it in the helmet.contentSecurityPolicy for the scriptSrc as "nonce-uuid"?
Expected behavior
The helmet.contentSecurityPolicy should set the dynamic nonce value to the scriptSrc.
Error Details
Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' https://www.google-analytics.com/analytics.js 'unsafe-eval' ". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.
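Added example, not part of the original issue and not helmet's own code: a CSP nonce has to be created on the server for each response, because the header is sent before any Angular code runs, so the sketch below generates it in the request handler and stamps the same value into both the header and the served HTML. It uses only Node core modules; the `__CSP_NONCE__` placeholder, the sample page and the function names are assumptions made for illustration.

```javascript
// Added example: per-response CSP nonce, Node core modules only.
const crypto = require('crypto');

// Constructed sample page; __CSP_NONCE__ is a hypothetical placeholder token.
const INDEX_TEMPLATE = [
  '<!doctype html><html><head>',
  '<script nonce="__CSP_NONCE__">window.appConfig = { env: "prod" };</script>',
  '</head><body><app-root></app-root>',
  '<script nonce="__CSP_NONCE__" src="/main.js"></script>',
  '</body></html>',
].join('\n');

// 128 bits from the CSPRNG, base64-encoded; never reused across responses.
function generateNonce() {
  return crypto.randomBytes(16).toString('base64');
}

// Header value built from the directives in the issue plus the nonce source.
function buildCsp(nonce) {
  const directives = {
    'default-src': ["'self'"],
    'script-src': ["'self'", 'https://www.google-analytics.com/analytics.js',
      "'unsafe-eval'", `'nonce-${nonce}'`],
  };
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Stamp the nonce into every placeholder of the HTML being served.
function renderIndex(template, nonce) {
  return template.split('__CSP_NONCE__').join(nonce);
}

// Request handler: one nonce per response, shared by header and body.
// Mount it with require('http').createServer(handleRequest).listen(3000).
function handleRequest(req, res) {
  const nonce = generateNonce();
  res.writeHead(200, {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': buildCsp(nonce),
  });
  res.end(renderIndex(INDEX_TEMPLATE, nonce));
}

// Demo: print the header for one freshly generated nonce.
console.log(buildCsp(generateNonce()));
```

With helmet, the same per-request value can be supplied by storing it on `res.locals` in an earlier middleware and placing a function such as `(req, res) => "'nonce-" + res.locals.cspNonce + "'"` in the `scriptSrc` array, as helmet's documentation describes. A nonce only authorizes `<script>` elements that carry the matching `nonce` attribute; it does not apply to `javascript:` URLs like the one named in the error above.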