ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.
constructor(public nonce?: string)
nonceenables whitelisting inline script or styles in order to avoid using
unsafe-inlinein script-src and style-src directives.
applyCSP(element: HTMLScriptElement | HTMLStyleElement): void
This method maps the aforementioned properties to the given
LooseContentSecurityPolicy is a class that extends
ContentSecurityStrategy. It requires
nonce and marks given
<style> tag with it.
NoContentSecurityPolicy is a class that extends
ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.
Predefined Content Security Strategies
Predefined content security strategies are accessible via
nonce will be set.
Nothing will be done.
Thank you for your valuable feedback!
Please note that although we cannot respond to feedback, our team will use your comments to improve the experience.