AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: Add CSP configuration to use CSPMiddleware and CSP nonce to script tags in several cshtml script

Browse Source
This commit is contained in:
Developer 02
2024-05-14 11:22:07 +02:00
parent 674d753735
commit 87a766a2e8
8 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml
View File

@@ -1,4 +1,7 @@
@{
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
}
@{
ViewData["Title"] = "Dokument geschützt";
var userLanguage = ViewData["UserLanguage"] as string;
var languages = ViewData["Languages"] as string[];
@@ -50,7 +53,7 @@
</section>
</div>
<footer class="container" id="page-footer">&copy; SignFlow 2023-2024 <a href="https://digitaldata.works">Digital Data GmbH</a></footer>
<script>
<script nonce="@nonce">
$(document).ready(function () {
$('.select-flag').select2({
templateResult: formatResult,

3
EnvelopeGenerator.Web/Views/Home/EnvelopeSigned.cshtml
View File

@@ -1,7 +1,6 @@
@{
ViewData["Title"] = "Dokument unterschrieben";
}
<div class="page container p-5">
<header class="text-center">
<div class="icon signed">
@@ -12,10 +11,8 @@
</div>
<h1>Dokument erfolgreich signiert!</h1>
</header>
<section class="text-center">
<p>Sie haben das Dokument signiert. Im Anschluss erhalten Sie eine schriftliche Bestätigung.</p>
</section>
</div>
<footer class="container" id="page-footer">&copy; SignFlow 2023-2024 <a href="https://digitaldata.works">Digital Data GmbH</a></footer>

10
EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
View File

@@ -1,4 +1,7 @@
@using DigitalData.Core.DTO;
@{
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
}
@using DigitalData.Core.DTO;
@using EnvelopeGenerator.Application.DTOs;
@model EnvelopeReceiverDto;
@{
@@ -42,7 +45,7 @@
</div>
</div>
</div>
<script>
<script nonce="@nonce">
const collapseNav = () => {
document.addEventListener('click', function (event) {
var navbarToggle = document.getElementById('navbarToggleExternalContent');
@@ -66,7 +69,7 @@
var envelopeKey = ViewData["EnvelopeKey"] as string;
<script>
<script nonce="@nonce">
var base64String = "@Html.Raw(documentBase64String.TrySanitize(_sanitizer))";
var byteCharacters = atob(base64String);
var byteNumbers = new Array(byteCharacters.length);
@@ -82,5 +85,4 @@
})
</script>
}
<div id='app' style='background: gray; width: 100vw; height: 100vh; margin: 0 auto;'></div>