xibo-cms
Strict CSP
This strict CSP works via a Middleware generating a nonce which is subsequently output in the CSP header. That nonce is then pushed through into the Request and Theme so that it can be used on every script tag.
The tricky bit is where a user provides script tags as part of a widget (e.g. an embedded widget). In that case the Widget HTML renderer takes care of adding the nonce for previewing.
fixes xibosignageltd/xibo-private#654
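The mechanism the description outlines, as an added illustrative example in Python (this is not the project's own PHP code and does not reproduce its Middleware, Request or Theme classes): a middleware mints a fresh nonce per response, stores it on the request so the template layer can put it on first-party script tags, emits the matching Content-Security-Policy header, and a parser-based rewriter stamps the same nonce onto every script tag in user-supplied widget HTML before it is previewed. `csp_middleware`, `render_page`, `add_nonce_to_scripts` and `SAMPLE_WIDGET` are names and sample input invented here; the widget markup is a constructed sample, not real Xibo data.

```python
import base64
import html
import secrets
from html.parser import HTMLParser


def generate_nonce(nbytes=16):
    """Fresh per-response nonce from the CSPRNG, base64 as the CSP grammar expects."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def build_csp(nonce):
    """Strict CSP: only scripts carrying this nonce (and what they load) may run."""
    return (
        f"script-src 'nonce-{nonce}' 'strict-dynamic'; "
        "object-src 'none'; base-uri 'none'"
    )


class _NonceInjector(HTMLParser):
    """Streams HTML through unchanged except that every <script> start tag
    gets nonce="<nonce>". Any nonce attribute already present in the widget
    markup is dropped, so the author cannot carry in a stale or guessed value.
    A real parser is used rather than a regex so odd spacing, attribute
    quoting and script bodies containing '<' are handled correctly."""

    def __init__(self, nonce):
        super().__init__(convert_charrefs=False)
        self.nonce = nonce
        self.parts = []
        self.scripts_tagged = 0

    def _emit_tag(self, tag, attrs, self_closing):
        if tag == "script":
            attrs = [(k, v) for k, v in attrs if k != "nonce"] + [("nonce", self.nonce)]
            self.scripts_tagged += 1
        rendered = []
        for key, value in attrs:
            if value is None:  # boolean attribute such as async / defer
                rendered.append(key)
            else:  # HTMLParser unescaped the value, so re-escape it on output
                rendered.append(f'{key}="{html.escape(value, quote=True)}"')
        inner = " ".join([tag] + rendered)
        self.parts.append(f"<{inner}/>" if self_closing else f"<{inner}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        self.parts.append(f"</{tag}>")

    def handle_data(self, data):  # script bodies arrive here raw (CDATA mode)
        self.parts.append(data)

    def handle_comment(self, data):
        self.parts.append(f"<!--{data}-->")

    def handle_entityref(self, name):
        self.parts.append(f"&{name};")

    def handle_charref(self, name):
        self.parts.append(f"&#{name};")

    def handle_decl(self, decl):
        self.parts.append(f"<!{decl}>")


def add_nonce_to_scripts(fragment, nonce):
    """Return (rewritten_html, number_of_script_tags_that_received_the_nonce)."""
    parser = _NonceInjector(nonce)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.parts), parser.scripts_tagged


def csp_middleware(handler):
    """Wrap a request handler: mint a nonce, expose it on the request for the
    templates, and set the matching header on the response (hypothetical
    request/response dicts stand in for the framework objects)."""
    def wrapped(request):
        nonce = generate_nonce()
        request["csp_nonce"] = nonce
        response = handler(request)
        response["headers"]["Content-Security-Policy"] = build_csp(nonce)
        return response
    return wrapped


def render_page(request):
    """Stand-in for a theme template: one first-party script plus the previewed widget."""
    nonce = request["csp_nonce"]
    widget_html, _ = add_nonce_to_scripts(request["widget_html"], nonce)
    body = (
        f'<script nonce="{nonce}" src="/theme/app.js"></script>\n'
        f'<div class="preview">{widget_html}</div>'
    )
    return {"status": 200, "headers": {}, "body": body}


# Constructed sample of an embedded widget an untrusted user could submit.
SAMPLE_WIDGET = (
    "<p>Hello &amp; welcome</p>"
    '<script nonce="stale-value">alert(1)</script>'
    '<script src="https://cdn.example/lib.js" async></script>'
)


def demo():
    return csp_middleware(render_page)({"widget_html": SAMPLE_WIDGET})
```

Two points the example is built around: the nonce has to be unpredictable and minted once per response (reusing one across responses, or deriving it from something a page author can read, turns a strict CSP back into an allow-all), and stamping the nonce onto widget scripts is a trust decision, not a sandbox. The browser only learns that those tags came through the renderer; the widget's script then runs with the same privilege as the theme's own scripts, so the rewrite belongs behind whatever authorisation already gates who may save a widget with embedded HTML.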