ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.
constructor(public nonce?: string)nonceenables whitelisting inline script or styles in order to avoid usingunsafe-inlinein script-src and style-src directives.
applyCSP(element: HTMLScriptElement | HTMLStyleElement): voidThis method maps the aforementioned properties to the given element.
LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.
NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.
Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.
CONTENT_SECURITY_STRATEGY.Loose(nonce: string)nonce will be set.
CONTENT_SECURITY_STRATEGY.None()Nothing will be done.