asp-fallback-test & nonce attribute

panosru commented 4 years ago

Having checked the issue #19, which is kind of related to this, I wonder if there is a solution since a couple of years passed already.

The problem:

Having this:

<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM"
    asp-fallback-src="~/js/bootstrap.min.js"
    asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
    crossorigin="anonymous" asp-add-nonce="true"></script>

Will generate this:

<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" 
        integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" 
        crossorigin="anonymous" nonce="x&#x2B;2R9PRWupQLWDUYp1vp3uGsAMPpOIouI2TfKcZdVxQ="></script>
<script>(window.jQuery && window.jQuery.fn && window.jQuery.fn.modal||document.write("\u003Cscript src=\u0022/js/bootstrap.min.js\u0022 crossorigin=\u0022anonymous\u0022\u003E\u003C/script\u003E"));</script>

Which will result into this:

Obviously the solution could be to ignore asp-fallback-* attributes and implement that by yourself, but I was wondering if there is a way for asp-fallback-test script that is generated to have nonce attribute when AddScriptSrc().WithNonce() is present.

Thank you!

daver77 commented 5 months ago

I've ran into the same issue, did you find a way to resolve this?

vels-sonata commented 4 days ago

Is there any work-around?

andrewlock / NetEscapades.AspNetCore.SecurityHeaders

asp-fallback-test & nonce attribute #73

The problem: