mirror of https://github.com/abpframework/abp
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1.7 KiB
1.7 KiB
ContentSecurityStrategy
ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.
API
constructor
constructor(public nonce?: string)
nonceenables whitelisting inline script or styles in order to avoid usingunsafe-inlinein script-src and style-src directives.
applyCSP
applyCSP(element: HTMLScriptElement | HTMLStyleElement): void
This method maps the aforementioned properties to the given element.
LooseContentSecurityPolicy
LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.
NoContentSecurityPolicy
NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.
Predefined Content Security Strategies
Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.
Loose
CONTENT_SECURITY_STRATEGY.Loose(nonce: string)
nonce will be set.
None
CONTENT_SECURITY_STRATEGY.None()
Nothing will be done.