Added nonce to prerender script output to support CSP #761

New Issue

Closed

opened 2025-08-09 17:17:34 +00:00 by fergalmoran · 0 comments

fergalmoran commented 2025-08-09 17:17:34 +00:00

Owner

Copy Link

Originally created by @nilsgs on 5/15/2017

Currently we need to use script-src 'unsafe-inline' in the Content Security Policy header to get access to the global js object added to the page by the prerenderer.

I've added an optional asp-prerender-nonce attribute, to overcome this limitation.

*Originally created by @nilsgs on 5/15/2017* Currently we need to use `script-src 'unsafe-inline'` in the Content Security Policy header to get access to the global js object added to the page by the prerenderer. I've added an optional `asp-prerender-nonce` attribute, to overcome this limitation.

fergalmoran closed this issue 2025-08-09 17:17:34 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

rybrande/masterToSrc

pakrym/no-console-fb

release/2.2

pakrym/remove-obsole-api-usage

maestro/release/2.2

maestro/master

release/2.1

release/2.0

rybrande/MergeRelease21IntoDev

rel/2.0.0-extensions

angular-animations-example

fix-angular-material-publishing

rel/2.0.0-templates

httpwithstatetransfer-example

rel/2.0.0-preview2-templates

aspnet-webpack-react-2.x

angular4-prerender-data-example

version-1.x

angular2-lazy-loading-example

581-isomorphic-react-cookies-example

example-using-typescript-paths-for-494

v1.0.x

angular2-materialize-example

redux-typed-1-x

primeng-example

font-awesome-example

karma-testing-example

2.2.0

2.2.0-preview3

2.2.0-preview2

2.2.0-preview1

2.1.1

2.1.0

2.0.4

2.1.0-rc1-final

2.1.0-preview2-final

2.0.3

2.1.0-preview1-final

2.0.2

2.0.1

rel/2.0.0

rel/2.0.0-preview2

Labels

Clear labels

2 - Working

2 - Working

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

3 - Done

angular

angular

angular

angular

angular

bug

bug

bug

bug

bug

bug

bug

bug

bug

core

core

core

core

core

core

core

duplicate

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

external

external

P1

P1

P1

P1

P1

P1

P2

P2

P2

P2

P2

P2

P2

P2

P2

PRI: 1 - Required

react

react

task

task

up-for-grabs

up-for-grabs

up-for-grabs

waiting

waiting

waiting

waiting

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

fergalmoran

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/JavaScriptServices#761

No description provided.