Comments (5)
The nonce
/ ngCspNonce
attribute is used within a <script>
and <style>
tag to allow inline scripts and styles that would otherwise be blocked by a Content Security Policy (CSP). It's not used for scripts with the src
attribute, as those are managed differently within the CSP.
External scripts that are referenced from a different file <script src="..."></script>
are typically allowed by specifying their source (domain) in the CSP's script-src
directive.
from angular-cli.
Transferring to the CLI, since it is the one inserting the script tags. This is ultimately a bit ambiguous; should the CLI extract ngCspNonce
attributes anywhere in the document, to apply to the inserted script tags? There could be multiple, although I suspect that's mostly a theoretical problem. Then, any post-processing logic to ingest a nonce dynamically should also be aware of those additional attributes to replace, instead of the just the ngCspNonce
attribute.
from angular-cli.
I am having the same issue. please help. thanks
from angular-cli.
This issue has been resolved via #27875 as it turns out that there are valid cases when script with a src
attribute need nonce
to be set.
from angular-cli.
This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.
Read more about our automatic conversation locking policy.
This action has been performed automatically by a bot.
from angular-cli.
Related Issues (20)
- Detection changes code not working HOT 5
- Remove protractor from @angular-devkit/build-angular HOT 5
- tsconfig.json "paths": {} resolution not working HOT 3
- Build error after upgrading from 18.0.6 to 18.2.3
- live reload fails when proxyConfig specifies location for root HOT 1
- Angular proxy fails when using Chrome devtools on the MacBook Pro HOT 16
- Cannot load routes containing '.html' with dev-server in Angular 18 HOT 1
- Esbuild builder doesn't copy assets in watch mode
- Angular 18 production build doesn't work with vendor source maps HOT 2
- Add A "remove component (ng rm c <componentName>)" option in Angular CLI HOT 1
- @angular-devkit/build-angular Depends on vulnerable versions of vite CVE-2024-45812 / CVE-2024-45811 HOT 10
- URI malformed issue from @angular-devkit's dependency library Vite HOT 5
- Feature Request: Shows port number in "Compiled Successfully" message when using ng serve, every time after recompiling. HOT 1
- ng serve returns 404 error when route ends with .html / .xhtml HOT 2
- Upgrading from Angular version 18.2.4 to 19.0.0-next.6 throws error Overload signatures must all be optional or required. [plugin angular-compiler] HOT 4
- Vite pre-transform error on ng serve depending on the first route loaded in 19.0.0.next-2 HOT 2
- Allow `.html` in URL in angular 18 like 'product/:slug.html' in when using @angular-devkit/build-angular:dev-server
- Building out-of-module TypeScript code HOT 2
- Native support to pass additionnal options to angular-compiler plugin HOT 2
- Angular 18, application builder is not creating runtime.js file. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular-cli.