
[Comment] Content Security Policy (CSP) for ASP.NET MVC

Open RehanSaeed opened this issue 5 years ago • 14 comments

https://rehansaeed.com/content-security-policy-for-asp-net-mvc/

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Daniel commented on 2017-08-31 13:26:25

Thank you so much for the time you put into writing this! You're awesome.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Alex commented on 2017-10-17 20:04:58

Excellent article! Was looking for some good explanations on NWebsec and CSP. Thank you.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Mahesh commented on 2018-03-21 17:00:09

This helped me to overcome the SignalR issue I had. Nice article and I am glad I found this straight away without wasting time.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Daniel Ávila Méndez commented on 2018-04-26 21:59:24

I'm trying to use NWebsec setting script-src nonce in add tag inside (web.config), but in the response, the nonce appears without single quotes (required). I'm using ASP.NET MVC (.NET Framework 4.5). Please help.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Muhammad Rehan Saeed commented on 2018-04-27 09:25:18

> I'm trying to use NWebsec setting script-src nonce in add tag inside (web.config), but in the response, the nonce appears without single quotes (required). I'm using ASP.NET MVC (.NET Framework 4.5). Please help.

Try posting an issue in the NWebSec GitHub issues.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

shiloh commented on 2018-10-22 20:55:38

Did hashes ever get added to the NWebSec library?

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Muhammad Rehan Saeed commented on 2018-10-23 09:47:11

> Did hashes ever get added to the NWebSec library?

No, I don't think so. Feel free to raise an issue on that project.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Qamaruddin commented on 2018-12-20 09:59:50

Thanks for going in-depth into CSP.

Are there any new updates to CSP which can be added to this blog?

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Muhammad Rehan Saeed commented on 2018-12-20 10:35:30

> Thanks for going in-depth into CSP.
>
> Are there any new updates to CSP which can be added to this blog?

There are new versions of CSP with added features. I recommend doing some reading on the Mozilla site.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Fabian Mitchell commented on 2019-02-08 03:37:27

Just want to express my gratitude to you for writing this article. Helped solve my current problem really quickly. Cheers

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

jaipal commented on 2019-07-03 04:40:42

Can I implement the CSP header with a meta tag in ASP.NET MVC? I don't want to use the NWebsec NuGet package.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Muhammad Rehan Saeed commented on 2019-07-16 10:16:00

> Can I implement the CSP header with a meta tag in ASP.NET MVC? I don't want to use the NWebsec NuGet package.

Yes you can.

RehanSaeed avatar May 12 '20 10:05 RehanSaeed

Hello Rehan Saeed,

Thanks for this great article. I still have a question: Why do you use "style-src 'self' 'unsafe-inline';" in your content security policy?

At the moment, I'm trying to use "style-src 'self'". I'm having an issue with the style-src policy when I perform validation on the server side and add an error to my model. It seems there is some limitation in ASP.NET MVC.

nnunes10 avatar Jul 28 '20 10:07 nnunes10

> I still have a question: Why do you use "style-src 'self' 'unsafe-inline';" in your content security policy?

In this case, you'd use unsafe-inline to include CSS directly in your HTML.

> At the moment, I'm trying to use "style-src 'self'". I'm having an issue with the style-src policy when I perform validation on the server side and add an error to my model. It seems there is some limitation in ASP.NET MVC.

Not certain I can help you with that. I'd suggest posting a question on StackOverflow with a clear, concise and small example.

RehanSaeed avatar Jul 28 '20 14:07 RehanSaeed