MachUpskillingFY17 / JabbR-Core

Modern edition of JabbR chat client using .NET Core
MIT License

Implement Content-Security-Policy #155

Closed adamtuliper closed 7 years ago

adamtuliper commented 7 years ago

Content Security Policy
- Content-Security-Policy: default-src 'none'; style-src 'self'; img-src 'self';
- See if nsecweb (or whatever it's called) supports this or we can set the header manually
- Consider limiting to scripts because of custom styles, images, files.

ashanhol commented 7 years ago

Here are docs for Nwebsec, but not specifically for .net core (haven't been written yet) https://docs.nwebsec.com/en/4.2/nwebsec/Configuring-csp.html?highlight=content%20security%20policy

ashanhol commented 7 years ago

Update: configured this but need to fix the UnsafeEval setting in startup.cs once we implement angular.js. Right now it's using a jquery template that's evaluating in code; we need to overwrite those.
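The thread settles on a `default-src 'none'` policy and a temporary `'unsafe-eval'` allowance for the jQuery templates. The following is an added example of what that looks like as a manual header in ASP.NET Core middleware (the "set the header manually" option from the first comment); it is not JabbR-Core's Startup.cs or NWebsec code. The `CspPolicy` class, the `JqueryTemplatesStillInUse` flag and the `connect-src 'self'` directive are assumptions made for the example: the issue never mentions `connect-src`, but `default-src 'none'` also blocks XHR and WebSocket connections, so a chat client needs it to talk to its own origin.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;

namespace CspExample
{
    // Added example: builds the Content-Security-Policy value discussed in the issue.
    public static class CspPolicy
    {
        // allowEval: true while the jQuery templates that evaluate at runtime are
        // still in use; false is the target state once they have been replaced.
        public static string Build(bool allowEval)
        {
            // 'unsafe-eval' is a real weakening: it re-enables eval()/new Function()
            // for anyone who can inject a string into script code, so the weak
            // variant and the corrected one differ only here.
            var scriptSrc = allowEval ? "'self' 'unsafe-eval'" : "'self'";

            return
                "default-src 'none'; " +           // deny every fetch not listed below
                "script-src " + scriptSrc + "; " +
                "style-src 'self'; " +
                "img-src 'self'; " +
                // Assumption, not from the issue: default-src 'none' also blocks XHR
                // and WebSocket connections, so a chat client needs connect-src.
                "connect-src 'self'";
        }
    }

    public class Startup
    {
        // Hypothetical toggle for the example, not a JabbR-Core setting.
        private static readonly bool JqueryTemplatesStillInUse = true;

        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            // Manual header middleware; NWebsec's app.UseCsp(...) is the alternative.
            app.Use(async (context, next) =>
            {
                // OnStarting runs just before the response headers are flushed,
                // so the header is attached whatever the downstream pipeline does.
                context.Response.OnStarting(() =>
                {
                    // Only set the header if nothing upstream already wrote a policy.
                    if (!context.Response.Headers.ContainsKey("Content-Security-Policy"))
                    {
                        context.Response.Headers["Content-Security-Policy"] =
                            CspPolicy.Build(JqueryTemplatesStillInUse);
                    }
                    return Task.CompletedTask;
                });
                await next();
            });

            app.UseStaticFiles();
            // The rest of the pipeline (MVC, SignalR, etc.) is registered after this.
        }
    }
}
```

When rolling this out, emit the same value under `Content-Security-Policy-Report-Only` first: browsers then report violations without blocking anything, which shows which inline scripts, styles and template evaluations still depend on the directives being tightened.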