Script Manager Output Caching

[whitter]

The current caching of the Script Manager view output is causing issues when mixed with CSP Manager.

So for instance when wanting to apply CSP nonce for Google Tag Manger we would create a custom view to override the default GTM HeadBottom.cshtml view from Script Manager to added the extra bit of JS to configure the nonce.

When using CSP Manager this nonce creation is handled with a tag helper so when end up with a view template like this:

@model string
<!-- Google Tag Manager -->
<script csp-manager-add-nonce="true">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
        new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;var n=d.querySelector('[nonce]');
        n&&j.setAttribute('nonce',n.nonce||n.getAttribute('nonce'));f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','@Model');</script>
<!-- End Google Tag Manager -->

CSP Manager will then keep track of the creation of nonce on the HttpContext and its middleware will output the CSP response headers based on the state of the data in the context. With the caching of the view output in Script Manager, subsequent request do not create the context data that CSP Manager expects and no nonce is output in the CSP header.

Based on my understanding of the Script Manager code the caching could be removed (or toggled on/off with a setting) with no detrimental affect.