logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error
Implementing Content Security Policy
Options
Go to last post Go to first unread
Previous Topic Next Topic
judy at Web2Market  
#1 Posted : Wednesday, January 4, 2023 7:44:03 AM(UTC)
judy at Web2Market

Rank: Advanced Member

Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 289

Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
We have a site where the parent company requires them to implement a CSP. I'm able to handle most of it using NWebSec. I'm able to put a nonce on the code that is output for the script bundles when the site is in release mode, but I need to add nonces to the individual scripts when the site is in debug mode so the site doesn't break if someone has to set it to debug mode for troubleshooting. When the scripts are not bundled, how are they added to the page? I can find the ones like the following:
<script src="/Able9B7369Test2/Themes/Sample/Scripts/bootstrap-hover-dropdown.min.js"nonce="Z0zxA+tIUkwo7fv0R7+sBLXv" defer></script>
<script src="/Able9B7369Test2/Themes/Sample/Scripts/SmoothScroll.js"nonce="Z0zxA+tIUkwo7fv0R7+sBLXv" defer></script>
<script src="/Able9B7369Test2/Themes/Sample/Scripts/custom.js"nonce="Z0zxA+tIUkwo7fv0R7+sBLXv" defer></script>

But I can't find where the standard scripts are added- the ones that would have been bundled, like the following.
<script src="/Able9B7369Test2/Scripts/jquery-3.6.0.min.js"></script>
<script src="/Able9B7369Test2/Scripts/jquery-ui.min.js"></script>
<script src="/Able9B7369Test2/Scripts/jquery.unobtrusive-ajax.min.js"></script>
<script src="/Able9B7369Test2/Scripts/jquery.validate.min.js"></script>
<script src="/Able9B7369Test2/Scripts/jquery.validate.unobtrusive.min.js"></script>
<script src="/Able9B7369Test2/Scripts/bootstrap.min.js"></script>
<script src="/Able9B7369Test2/Scripts/jquery.equalheights.js"></script>
<script src="/Able9B7369Test2/scripts/expressive.annotations.validate.min.js"></script>
<script src="/Able9B7369Test2/Scripts/sweetalert/sweetalert.min.js"></script>
<script src="/Able9B7369Test2/Scripts/superfish.js"></script>
<script src="/Able9B7369Test2/Scripts/alert-script.js"></script>
<script src="/Able9B7369Test2/Scripts/app.js"></script>

Thanks
Back to top

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.
Back to top  
shaharyar  
#2 Posted : Thursday, January 5, 2023 1:19:29 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 703

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
Following are the two files where you can find these entries. I am not sure how you could add a nonce attribute.

\Website\App_Start\BundleConfig.cs
\Website\Areas\Admin\BundleConfig.cs
Back to top
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.094 seconds.