DEV Community

A. Rdz

CSP (with A+ in Mozilla Observatory) + Angular 2+

Hello!

Has anyone managed to publish an Angular 2+ project with CSP (with an A+ in Mozilla Observatory), without using the unsafe-inline alternative?

I'm trying to use the nonce alternative, but I have some doubts about it ...

  1. Whose responsibility is it to generate the value of a nonce, client or server?

  2. Is there any web server that you recommend for this case? (Currently the policy is being implemented in an AWS Lambda function from CloudFront.)

  3. Is there some way to inject or pass the nonce value to the client in the index.html, to later read it from Angular? (By meta tag, I think.)

Thanks for your attention.
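The nonce flow asked about above, as an added example that is not part of the original post: the server generates a fresh nonce for every response, sends it in the `Content-Security-Policy` header, and substitutes it into `index.html`. The `__CSP_NONCE__` placeholder, the sample HTML, the function names and the `no-store` caching choice are assumptions; `ngCspNonce` is the root-element attribute that Angular 16 and later read.

```javascript
// Added example: per-response CSP nonce generated on the server side.
const crypto = require("node:crypto");

// Hypothetical placeholder that the build leaves in index.html.
const PLACEHOLDER = "__CSP_NONCE__";

// Constructed sample index.html. Angular 16+ reads ngCspNonce on the root
// element and applies the value to the inline styles it creates.
const INDEX_HTML = `<!doctype html>
<html>
<head>
  <script nonce="__CSP_NONCE__" src="main.js"></script>
</head>
<body><app-root ngCspNonce="__CSP_NONCE__"></app-root></body>
</html>`;

// 128 bits from a CSPRNG, base64-encoded. A nonce generated in the browser
// would be readable by injected script, so it is created on the server.
function generateNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// Policy without 'unsafe-inline': only elements carrying this nonce are allowed.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    `style-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join("; ");
}

// Builds the headers and body for ONE response. The result must not be
// served from a cache, otherwise the same nonce reaches many visitors.
function renderIndex(template) {
  const nonce = generateNonce();
  return {
    nonce,
    headers: {
      "content-security-policy": buildCsp(nonce),
      "cache-control": "no-store",
    },
    body: template.split(PLACEHOLDER).join(nonce),
  };
}
```

In an edge function, `renderIndex` would be called once per request for the HTML document only; static assets such as `main.js` can still be cached normally.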
