ContentSecurityStrategy

ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.

API

constructor

constructor(public nonce?: string)
  • nonce enables whitelisting inline script or styles in order to avoid using unsafe-inline in script-src and style-src directives.

applyCSP

applyCSP(element: HTMLScriptElement | HTMLStyleElement): void

This method maps the aforementioned properties to the given element.

LooseContentSecurityPolicy

LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.

NoContentSecurityPolicy

NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.

Predefined Content Security Strategies

Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.

Loose

CONTENT_SECURITY_STRATEGY.Loose(nonce: string)

nonce will be set.

None

CONTENT_SECURITY_STRATEGY.None()

Nothing will be done.

See Also

In this document