juunas11 / aspnetcore-security-headers

Middleware for adding security headers to an ASP.NET Core application.
MIT License

Nonce not working in asp.net core mvc #45

Open Ephaltes opened 5 years ago

Ephaltes commented 5 years ago

Hi

I followed your guide in the readme but I can't get the nonce to work; unsafe inline is working fine.

I have created a test project where I add the

`services.AddCsp(nonceByteAmount: 32);` in the `ConfigureServices` section and the

`app.UseCsp` in the `Configure` section with `.AddNonce()`

added the tag helper in the ViewImports

and added the `asp-add-nonce="true"` to the script tag. It also gets the auto completion for that tag.

But when I start the website I get an error that it violates the CSP rules because the inline script doesn't have a nonce.

I added the nonce in the `index.cshtml`.

Here is the test project to download: https://www.dropbox.com/sh/9ykavf5c0kik6j7/AABNY-Tsnm8WK3tftgw7lj9Sa?dl=0

GeordieStew commented 4 years ago

Same issue here.

juunas11 commented 4 years ago

Okay, I'll try to have a look at it at some point.

GeordieStew commented 4 years ago

Cheers. Also, unrelated. Tried in aspnet core 3.0 and not getting the auto completion.

bennycoomans commented 4 years ago

I have the same issue. The nonce worked correctly in our project when it was a netcoreapp2.2, but after upgrading to a netcoreapp3.0 the `asp-add-nonce="true"` attributes are no longer replaced by the actual nonce value.

If you need a sample project (I would need to create one since our project is a private project), let me know.

juunas11 commented 4 years ago

I've published version 3.0.0 on NuGet now that should fix the issues. I had to update some of the dependencies related to Razor to get it to work, similar to this other issue: https://github.com/Shazwazza/Smidge/issues/89. Try it out and see if your issue is solved; the sample app started functioning once I did those updates.
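One way to check a rendered page for the symptom reported in this thread, as an added example that is not part of the thread or of the library: it compares the nonces in a `Content-Security-Policy` header value with the `<script>` tags in the response body and flags an `asp-add-nonce` attribute that reached the browser unprocessed. The header value, the HTML snippets and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

NONCE_RE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")

# Constructed sample data (not taken from the issue or the linked test project).
SAMPLE_CSP = "default-src 'self'; script-src 'self' 'nonce-Q29uc3RydWN0ZWROb25jZQ=='"
BROKEN_HTML = '<script asp-add-nonce="true">init();</script>'
FIXED_HTML = ('<script nonce="Q29uc3RydWN0ZWROb25jZQ==">init();</script>'
              '<script src="/js/site.js"></script>')


def csp_script_nonces(csp_header):
    """Return the nonces that a CSP header value allows for scripts."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:
            # The first occurrence of a directive wins; later duplicates are ignored.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    # script-src falls back to default-src when absent.
    sources = directives.get("script-src", directives.get("default-src", []))
    return set(NONCE_RE.findall(" ".join(sources)))


class _ScriptTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.tags.append(dict(attrs))


def audit_scripts(csp_header, html):
    """Return (script index, problem) pairs for scripts the policy would block."""
    allowed = csp_script_nonces(csp_header)
    parser = _ScriptTags()
    parser.feed(html)
    findings = []
    for index, attrs in enumerate(parser.tags):
        if "asp-add-nonce" in attrs:
            findings.append((index, "asp-add-nonce left in output; tag helper did not run"))
        elif "src" in attrs:
            continue  # external scripts are matched against host sources, not checked here
        elif "nonce" not in attrs:
            findings.append((index, "inline script has no nonce"))
        elif attrs["nonce"] not in allowed:
            findings.append((index, "nonce does not match the CSP header"))
    return findings
```

Feeding it the header and body of a real response separates the two failure modes: a tag helper that never ran, and a nonce that was emitted but differs from the one in the header.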

bennycoomans commented 4 years ago

Thanks, my issue is indeed resolved after using version 3.0.0.

goekboet commented 4 years ago

I have this problem still. My project is asp.net core 2.2 and using the 3.0.0 version of this library. The script tag ends up like Githubissues.
