Angular - Content Security Policy(CSP) support for inline style, eval etc
Question
Angular official has no recommendation over the approach and support towards Content Security Policy. Has anyone has solution towards a strict CSP site with angular?
1 answers
solution1
0 2020-04-24 18:09:17
You can use Meta class shipped with angular to add a Meta tag.
import { Meta } from '@angular/platform-browser';
....
constructor(private meta: Meta)
...
meta.addTag({http-equiv: 'Content-Security-Policy', content: `default-src 'self'; base-uri 'self'; ${moreFromVariable} `});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Content Security Policy (CSP) not implemented in Angular
content security policy (CSP) not working with style-src self
Make Angular working with restrictive Content Security Policy (CSP)
Angular 5 & ASP.Net Core with (CSP) Content Security Policy
Dynamic CSP (Content Security Policy) connect-src in Angular
I added Content-Security-Policy to an new angular project and cleared everything but when I run the project it says "Refused to apply inline style"
Angular 12 CSS optimization inline event handler with Content Security Policy
Content Security Policy with Angular >= 8
Chrome extension with Angular: CSP inline-policy error. Refused to execute inline event handler
Whitelisting domains in Content Security Policy for Angular
Related Tags