Class CspScriptsBuilder

Helper functions for configuring content security policy rules related to JavaScript.

Inheritance

Object

CspDirectiveBuilder<ContentSecurityPolicyScriptSource>

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>

CspUnsafeInlineSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>

CspScriptsBuilder

Inherited Members

CspUnsafeInlineSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.AddNonce()

CspUnsafeInlineSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.AllowUnsafeInline()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromNowhere()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromSelf()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.From(String)

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromAnywhere()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromAnywhereOverHttps()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromData()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromBlob()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromFilesystem()

CspSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>.FromMediastream()

CspDirectiveBuilder<ContentSecurityPolicyScriptSource>.Directive

CspDirectiveBuilder<ContentSecurityPolicyScriptSource>.Build()

Object.Equals(Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.ToString()

Namespace: IRM.AspNetCore.Http.Headers.Builder

Assembly: IRM.AspNetCore.Mvc.dll

Syntax

public class CspScriptsBuilder : CspUnsafeInlineSourceDirectiveBuilder<ContentSecurityPolicyScriptSource, CspScriptsBuilder>

Methods

AddHash(ContentSecurityPolicyHashAlgorithm, String)

Adds a hash of a script and adds it to the CSP header. Allows inline scripts that matches this hash.

Declaration

public CspScriptsBuilder AddHash(ContentSecurityPolicyHashAlgorithm algorithm, string base64Value)

Parameters

ContentSecurityPolicyHashAlgorithm algorithm The type of hash algorithm used to create the value.

String base64Value The base64 encoded value.

Returns

CspScriptsBuilder The builder for futher configuration.

Remarks

In CSP 2.0 this only applies to inline scripts, but in 3.0 it also applies for external scripts.

AllowUnsafeEval()

Allow usage of eval(). Do not enable unless you really need it.

Declaration

public CspScriptsBuilder AllowUnsafeEval()

Returns

CspScriptsBuilder The builder for futher configuration.

WithStrictDynamic()

Allow scripts that have been loaded with a trusted hash/nonce to load additional scripts. This enabled a "strict" mode for scripts, requiring a hash or nonce on all of them.

Declaration

public CspScriptsBuilder WithStrictDynamic()

Returns

CspScriptsBuilder The builder for futher configuration.