The latest articles on DEV Community by A. Rdz (@jdodiguez). https://dev.to/jdodiguez https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F397553%2F919a2a06-d1be-4a1e-b128-7c537d2f084f.jpg https://dev.to/jdodiguez en A. Rdz Tue, 07 Jul 2020 16:40:57 +0000 https://dev.to/jdodiguez/csp-with-a-in-mozilla-observatory-angular2-29na https://dev.to/jdodiguez/csp-with-a-in-mozilla-observatory-angular2-29na <p>Hello!</p> <p>Has anyone gotten to publish an angular 2+ project and csp (with A + in mozilla observatory), without using the unsafe-inline alternative?</p> <p>I'm trying to use the nonce alternative, but I have some doubts about it ...</p> <ol> <li><p>Whose responsibility is it to generate the value of a nonce, client or server?</p></li> <li><p>Any web server that you recommend for this case? (Currently the policy is being implemented in a lambda function of AWS from a cloud front)</p></li> <li><p>Some way to inject or pass the nonce value to the client into the index.html to later read it from angular?. (by metatag, I think)</p></li> </ol> <p>Thanks for your attention.</p> angular unsafe inline csp