Joonas Westlin

icon indicating a website link https://joonasw.net

icon company Zure Ltd icon location Finland icon location Azure MVP, Entra ID and Azure PaaS are my specialities.

Results 45 comments of Joonas Westlin

No authenticationScheme was specified

Also I need to update this sample with that default forbid scheme because if it isn't set, the default challenge scheme is used as fallback. And we don't usually want...

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive:

At the moment no. The rules are set for all routes. An improvement could be the ability to modify rules for that request in some kind of handler.

Add a tag helper to automatically put SHA hash into CSP - alternative to nonce

Yeah, it might be :) I'm not really sure how you'd implement that though since you'd have to somehow resolve the script content about to be sent, calculate the hash,...

Add Antiforgery Token to report violations post.

As far as I know, you cannot affect the violation report requests enough to include a CSRF token. Cookies should go with the request I think.

Add support for report-sample

This looks like it could be useful :) Accepting PRs for this, I don't have time to do this right now.

Internet explorer compability?

That could be a nice addition. I'll have to check how the standard one compares to that one.

Support new "report-to" directive and header.

I always appreciate PRs :)

Could you use the Microsoft.Identity.Web nuget package

I haven't tried, but I imagine it would not work as Functions middleware are very different. The way you access request data etc. are different.

Implemented Sha256Support instead of nonce

Thank you for the pull request. I will check it out in more detail once I have some time. There are a lot of code style issues though that must...

Add Nonce support for other HTML elements that might have an inline style element

Thanks for bringing this up, I'll get it fixed up :)