Add Nonce support for other HTML elements that might have an inline style element #21
Comments
Thanks for bringing this up, I'll get it fixed up :)
I'm not sure if Content Security Policy itself allows this.
It looks like you're correct. That's unfortunate. :(
Thanks a lot for using the library and taking the time to report this though :)
No problem - it's a great library. These might be good options to add too... and very simple :)

```csharp
context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
context.Response.Headers.Add("X-Xss-Protection", "1; mode=block");
context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
context.Response.Headers.Add("Referrer-Policy", "strict-origin-when-cross-origin");
```
The Tag Helper doesn't apply the nonce to the following (among others)