public void AddContentSecurityPolicy(CSPOptions cspOptions)
        {
            var csp = cspOptions.ToString();

            if (cspOptions.HasNonce)
            {
                csp = csp.Replace("'nonce-'", $"'nonce-{nonceProvider.GetNonce()}'");
            }
            contextAccessor.HttpContext.Response.Headers.Add("Content-Security-Policy", csp);
        }
Exemple #2
0
 public ThreaxCSPTagHelper(CSPOptions options, ICspHeaderWriter cspHeaderWriter)
 {
     this.options         = options;
     this.cspHeaderWriter = cspHeaderWriter;
 }