feat: Add CSP configuration to use CSPMiddleware and CSP nonce to script tags in several cshtml script

2024-05-14 11:22:07 +02:00
parent 674d753735
commit 87a766a2e8
8 changed files with 26 additions and 23 deletions
--- a/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml
@@ -1,4 +1,7 @@
-@using DigitalData.Core.DTO;
+@{
+    var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
+}
+@using DigitalData.Core.DTO;
@using EnvelopeGenerator.Application.DTOs;
@model EnvelopeReceiverDto;
@{
@@ -42,7 +45,7 @@
        </div>
    </div>
 </div>
-<script>
+<script nonce="@nonce">
    const collapseNav = () => {
        document.addEventListener('click', function (event) {
            var navbarToggle = document.getElementById('navbarToggleExternalContent');
@@ -66,7 +69,7 @@

    var envelopeKey = ViewData["EnvelopeKey"] as string;

-    <script>
+    <script nonce="@nonce">
        var base64String = "@Html.Raw(documentBase64String.TrySanitize(_sanitizer))";
        var byteCharacters = atob(base64String);
        var byteNumbers = new Array(byteCharacters.length);
@@ -82,5 +85,4 @@
        })
    </script>
 }
-
 <div id='app' style='background: gray; width: 100vw; height: 100vh; margin: 0 auto;'></div>