Class CspNonceExtensions
Extension methods for integrating CSP nonces with third-party CSP middleware.
Inheritance
Namespace: Umbraco.Cms.Web.Common.ApplicationBuilder
Assembly: Umbraco.Web.Common.dll
Syntax
public static class CspNonceExtensionsMethods
View SourceUseUmbracoCspNonceInjection(IApplicationBuilder)
Adds middleware that injects Umbraco's CSP nonce into an existing Content-Security-Policy header. Use this AFTER your CSP middleware (e.g., NWebsec) to add the nonce to the script-src directive.
Declaration
public static IApplicationBuilder UseUmbracoCspNonceInjection(this IApplicationBuilder app)Parameters
| Type | Name | Description |
|---|---|---|
| IApplicationBuilder | app | The application builder. |
Returns
| Type | Description |
|---|---|
| IApplicationBuilder | The application builder for chaining. |
Remarks
This middleware modifies the CSP header set by other middleware (like NWebsec) to include Umbraco's nonce value. Place this middleware AFTER your CSP middleware in the pipeline.
Example usage with NWebsec:
app.UseCsp(options => options
.DefaultSources(s => s.Self())
.ScriptSources(s => s.Self())
.StyleSources(s => s.Self().UnsafeInline()));
app.UseUmbracoCspNonceInjection(); // Add nonce to NWebsec's CSP header
app.UseUmbraco()...
UseUmbracoCspNonceInjection(IApplicationBuilder, Action<CspNonceInjectionOptions>)
Adds middleware that injects Umbraco's CSP nonce into an existing Content-Security-Policy header. Use this AFTER your CSP middleware (e.g., NWebsec) to add the nonce to the script-src directive.
Declaration
public static IApplicationBuilder UseUmbracoCspNonceInjection(this IApplicationBuilder app, Action<CspNonceInjectionOptions> configure)Parameters
| Type | Name | Description |
|---|---|---|
| IApplicationBuilder | app | The application builder. |
| Action<CspNonceInjectionOptions> | configure | Action to configure the nonce injection options. |
Returns
| Type | Description |
|---|---|
| IApplicationBuilder | The application builder for chaining. |