Ajaxpro is used in my project, which will eventually generate some JavaScript code on the web page. Now I need to handle the inline JavaScript code with "content security policy header"
My purpose is as follows:
Before:
<script>
function fun(){
// some code generated by ajaxPro
}
</script>
After:
<script nonce='abcdefghijklmnopqrstuvwxyz'>
function fun(){
// some code generated by ajaxPro
}
</script>
I added the following configuration in the web.config file
<httpProtocol>
<customHeaders>
<add name ="Content-Security-Policy" value ="frame-ancestors myhost.com; script-src 'self' https://myhost.com 'unsafe-eval' 'unsafe-hashes' 'nonce-abcdefghijklmnopqrstuvwxyz';" />
</customHeaders>
</httpProtocol>
My question is: how can I add 'nonce' to the < script > tag generated by ajaxpro?
If you need more information, you can email me: [email protected]