-
Notifications
You must be signed in to change notification settings - Fork 25.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No guidance for CSP #34351
Comments
🏂🎁 Happy Holidays! ❄️⛄Stand-by! ... A green dinosaur 🦖 will be along shortly to assist. |
Hello @akurone ... Open this for the product unit to take a look at ... https://github.com/dotnet/aspnetcore/issues Please add ...
... to the bottom of your opening comment so that I can follow along. I might re-open this for doc work depending on what they say. |
BTW @akurone ... The CSP article link is below in case you didn't see it, but I feel like it isn't going to help with your question because we only cover adding a One thing occurred to me that you might be able to control |
thanks @guardrex both for quick and detailed reply; i will make a repro (meanwhile try the head trick you mentioned) first than open the issue there. happy holidays! |
Sure thing. Yes, I think we would try to cover something about doing this. If you have success with controlling the CSP tag yourself via controlling Since I'm fairly certain that we do want to cover this subject, I'm going to re-open this issue and place it on hold for right now. |
hi @guardrex, i opened the issue. i fiddled around with the |
Description
Hello,
After updating my (WASM) Blazor project to .net9 and switching to map static assets, I have encountered problems with content security policy: due to security requirements of the project I have to send a rather strict policy that only enables safe sources to run on the page. But the I could not find a way to handle the
<ImportMap />
part with that CSP: it renders as an inline script tag (which is not allowed by CSP header) but contents of the inline script changes when the related output changes (fine for me but) so it cannot be excluded from CSP with a hash. I could not find any info for CSP on this page (also tried security section in Blazor docs); am I missing something?Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/fundamentals/static-files?view=aspnetcore-9.0#import-maps
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/fundamentals/static-files.md
Document ID
25458428-030f-6acb-457e-1b4dfa722043
Article author
@guardrex
Related Issues
The text was updated successfully, but these errors were encountered: