Comments (5)
This is working as expected; a nonce must be available synchronously during startup.
What's the reasoning for fetching a nonce via the server anyway? Why not generate it locally in the client? That can't normally be done for scripts (as it's a catch 22) but if you have the ability to execute code anyway, then I don't see why you'd need a server to generate a nonce...
from angular.
This is working as expected; a nonce must be available synchronously during startup.
What's the reasoning for fetching a nonce via the server anyway? Why not generate it locally in the client? That can't normally be done for scripts (as it's a catch 22) but if you have the ability to execute code anyway, then I don't see why you'd need a server to generate a nonce...
The reason we're fetching a nonce is that the API side has control over CSP policies (e.g. allowed hashes, nonces, etc.); the client side receives CSP policies via HTTP headers.
Are you suggesting implementing CSP policies for the styles on the client side via a meta tag?
In that case, can we use injection of the csp_nonce token for the meta tag, or do we have to write some custom logic to populate CSP policies there?
from angular.
Hi guys, any updates on this?
from angular.
Hi guys, any updates on this?
from angular.
If conceiving the nonce in the client is not an option for you, you can fetch it before bootstrapping Angular to account for the fact that CSP_NONCE has to be provided synchronously.
from angular.
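The approach from the last comment, as an added example that is not part of the thread or Angular's own code: resolve and validate the nonce first, then hand it to the bootstrap call as a plain value. The `/api/csp-nonce` endpoint, its `{ nonce }` JSON shape and the helper names are assumptions, and the endpoint is assumed to return the same nonce the server put in the CSP header delivered with the document.

```typescript
// Added example; not Angular's or the issue participants' code.
// Assumed: a same-origin /api/csp-nonce endpoint returning { "nonce": "..." }.

// CSP nonce grammar: base64 or base64url characters, then up to two '=' pads.
const NONCE_RE = /^[A-Za-z0-9+\/_-]+={0,2}$/;
// Policy chosen here: 16 random bytes (128 bits) encode to at least 22 characters.
const MIN_NONCE_CHARS = 22;

/** Returns the nonce from a parsed response body, or throws if it is unusable. */
function extractNonce(body: unknown): string {
  const nonce = (body as { nonce?: unknown } | null)?.nonce;
  if (typeof nonce !== "string") {
    throw new Error("nonce response has no string 'nonce' field");
  }
  if (nonce.length < MIN_NONCE_CHARS || !NONCE_RE.test(nonce)) {
    throw new Error("nonce is too short or not base64");
  }
  return nonce;
}

/**
 * Resolves the nonce first, then calls the bootstrap callback with it, so the
 * framework receives a ready value at startup instead of a pending request.
 */
async function bootstrapWithNonce<T>(
  loadBody: () => Promise<unknown>,
  bootstrap: (nonce: string) => T | Promise<T>,
): Promise<T> {
  const nonce = extractNonce(await loadBody()); // fail closed: no nonce, no app
  return bootstrap(nonce);
}

// main.ts wiring (Angular 16+, where CSP_NONCE is exported by @angular/core;
// AppComponent stands for the application's root component):
//
//   bootstrapWithNonce(
//     () => fetch("/api/csp-nonce", { credentials: "same-origin" }).then((r) => r.json()),
//     (nonce) =>
//       bootstrapApplication(AppComponent, {
//         providers: [{ provide: CSP_NONCE, useValue: nonce }],
//       }),
//   ).catch((err) => console.error("bootstrap aborted:", err));
```

Rejecting a malformed or missing nonce before bootstrap makes a broken nonce endpoint visible as a startup error rather than as silently blocked styles.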