public void AddContentSecurityPolicy(CSPOptions cspOptions) { var csp = cspOptions.ToString(); if (cspOptions.HasNonce) { csp = csp.Replace("'nonce-'", $"'nonce-{nonceProvider.GetNonce()}'"); } contextAccessor.HttpContext.Response.Headers.Add("Content-Security-Policy", csp); }
public ThreaxCSPTagHelper(CSPOptions options, ICspHeaderWriter cspHeaderWriter) { this.options = options; this.cspHeaderWriter = cspHeaderWriter; }