AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: Add CSP configuration to use CSPMiddleware and CSP nonce to script tags in several cshtml script

Browse Source
This commit is contained in:
Developer 02
2024-05-14 11:22:07 +02:00
parent 674d753735
commit 87a766a2e8
8 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
EnvelopeGenerator.Web/appsettings.json
View File

@@ -11,9 +11,8 @@
}
},
"PSPDFKitLicenseKey": null,
/* recommended Content-Security-Policy for production:
"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';" */
"Content-Security-Policy": null,
/* The first format parameter {0} will be replaced by the nonce value. */
"Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-{0}'; style-src 'self' 'nonce-{0}'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' wss://localhost:44385 ws://localhost:61446; frame-src 'self'; media-src 'self'; object-src 'self';",
"AdminPassword": "dd",
"AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ],
"NLog": {