json

//[doc-seo]
{
    "Description": "Learn how to safely implement Content Security Policy with the `ContentSecurityStrategy` class in ABP Framework for enhanced web security."
}

ContentSecurityStrategy

ContentSecurityStrategy is an abstract class exposed by @abp/ng.core package. It helps you mark inline scripts or styles as safe in terms of Content Security Policy.

API

constructor

constructor(public nonce?: string)

nonce enables whitelisting inline script or styles in order to avoid using unsafe-inline in script-src and style-src directives.

applyCSP

applyCSP(element: HTMLScriptElement | HTMLStyleElement): void

This method maps the aforementioned properties to the given element.

LooseContentSecurityPolicy

LooseContentSecurityPolicy is a class that extends ContentSecurityStrategy. It requires nonce and marks given <script> or <style> tag with it.

NoContentSecurityPolicy

NoContentSecurityPolicy is a class that extends ContentSecurityStrategy. It does not mark inline scripts and styles as safe. You can consider it as a noop alternative.

Predefined Content Security Strategies

Predefined content security strategies are accessible via CONTENT_SECURITY_STRATEGY constant.

Loose

CONTENT_SECURITY_STRATEGY.Loose(nonce: string)

nonce will be set.

None

CONTENT_SECURITY_STRATEGY.None()

Nothing will be done.

ContentSecurityStrategy

ContentSecurityStrategy

API

constructor

applyCSP

LooseContentSecurityPolicy

NoContentSecurityPolicy

Predefined Content Security Strategies

Loose

None

See Also