BLACK FRIDAY
From November 21
to December 02
99Days : 99Hrs : 99Min : 99Sec
SAVE UP TO$3K
Also valid for the
existing customers!
Version
Language

ContentSecurityStrategy

ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.

API

constructor

constructor(public nonce?: string)
  • nonce enables whitelisting inline script or styles in order to avoid using unsafe-inline in script-src and style-src directives.

applyCSP

applyCSP(element: HTMLScriptElement | HTMLStyleElement): void

This method maps the aforementioned properties to the given element.

LooseContentSecurityPolicy

LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.

NoContentSecurityPolicy

NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.

Predefined Content Security Strategies

Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.

Loose

CONTENT_SECURITY_STRATEGY.Loose(nonce: string)

nonce will be set.

None

CONTENT_SECURITY_STRATEGY.None()

Nothing will be done.

See Also

In this document
Mastering ABP Framework Book
Mastering ABP Framework