Activities of "giovanny.saray@softwareone.com"

All Question Answer
Newest Oldest
How to implement safe CSP for Angular? #4337
Question
  • ABP Framework version: v6.0.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi, we have deployed the ABP application in Azure for security testing with the following CSP setup for angular.

"Content-Security-Policy": "connect-src authserverDemo-dev.azurewebsites.net backApiDemo-dev.azurewebsites.net; font-src 'self' fonts.gstatic.com; img-src 'self' abp.io data:; script-src-attr; script-src-elem 'self'; style-src-elem 'self' fonts.googleapis.com; form-action 'none'; frame-ancestors 'none'",

With this configuration we have problems because of the embedded scripts and styles.

We are looking for a way we can configure the CSP policy without using unsafe-inline and we found this reference (https://docs.abp.io/en/abp/latest/UI/Angular/Content-Security-Strategy), but we did not find a clear example of how it could be used.

Is there an example of how to implement the CSP policy for Angular in a safe way (without using unsafe-inline) and without blocking the embedded styles and scripts?

Showing 1 to 1 of 1 entries
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11