Sign in

Microsoft.com

Microsoft

Remove From My Forums

Does ASP.NET work with Content Security Policy, other than using unsafe?

Question
0

Sign in to vote
I manage an ASP.NET based solution, currently targeting .NET 4.7, and am getting increasing pressure to make the solution compatible with Content Security Policy header. Most notably, however, the requests specifically do not want to have to enable unsafe features (unsafe-inline, unsafe-eval, etc).

So many ASP.NET features render inline script and inline style, I'm just not seeing a way to support this without a re-write. Is there some page compatibility setting I'm just missing?

--Chad
- Moved by Zhanglong WuMicrosoft contingent staff Wednesday, January 31, 2018 1:34 AM asp.net related
Tuesday, January 23, 2018 8:56 PM

Reply

|

Quote

All replies

0

Sign in to vote

Hi Chad Marshall,

Thank you for posting here.

For your question, you could refer to the link below.

https://rehansaeed.com/content-security-policy-for-asp-net-mvc/

https://www.codeproject.com/Articles/1205746/Using-CSP-Header-in-ASP-NET-Core

https://joonasw.net/view/csp-in-aspnet-core

For more further help, you could post a new thread in ASP.NET forum for suitable support.

Best Regards,

Wendy
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

Wednesday, January 24, 2018 12:54 AM

Reply

|

Quote
0

Sign in to vote

Thank you for the reply.

I guess I should have been more specific. I'd found the info about MVC and ASP.NET Core, but my question was meant more for I guess classic? ASP.NET? Our solution does not use WebAPI, MVC, or any of the newer technologies just basic ASP.NET controls.

I'll try the ASP.NET forum if this is not the correct place.

--Chad

Wednesday, January 24, 2018 4:01 PM

Reply

|

Quote