Joonas Westlin

I'm not sure if Content Security Policy itself allows this. I generated a nonce on a `` element with an inline style, and it still caused a CSP violation. I...

Thanks a lot for using the library and taking the time to report this though :)

Thanks for the contribution :) I'd like to just clear up what is the correct schema for the Report-To header. Seems like MDN and the W3C spec differ slightly: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to#Examples...

Great minds think alike etc :smiley: I could rename to like `UseStrictTransportSecurity()`, but it'd be a breaking change :(

At the moment it can't, it only supports the tag helper approach :/

You can inject ICspNonceService where you need the nonce for the current request :) It's registered by services.AddCsp().

There is a possibility that the storage format has changed in some way for MSAL.js and that would mean it does not correctly recognize the cached tokens injected by the...

Feel free to make a PR :) I can also have a look at it, but I won't have time to do this right now.

Hi! Well the easiest option is to open the solution in Visual Studio on Windows. Another choice is to use Visual Studio Code, though you can basically run the app...

Hmm.. This requires some more looking into. Probably we can get the application path through something so we can add the prefix to the URL.