aspnetcore-security-headers icon indicating copy to clipboard operation
aspnetcore-security-headers copied to clipboard

Published 20 hours ago verified publisher icon juunas11

Usage with a single page application

Open TheKnarf opened this issue 4 years ago • 3 comments

Can we use nonce's with a SPA application? We don't have any Razor view to modify to add the asp-add-nonce tag, instead, we somehow need the library to take the static files built by Webpack and modify them at runtime to add the nonce tokens.

Is this something this library can do?

TheKnarf avatar May 20 '20 08:05 TheKnarf

At the moment it can't, it only supports the tag helper approach :/

juunas11 avatar May 20 '20 08:05 juunas11

If I wanted to write my own function that hooked into the spa and rewrote the HTML to insert nonce, does this library export the functions I would need to call into to generate tags or are those hidden inside the library as private methods?

TheKnarf avatar May 20 '20 10:05 TheKnarf

You can inject ICspNonceService where you need the nonce for the current request :)

It's registered by services.AddCsp().

juunas11 avatar May 20 '20 11:05 juunas11