Does ASP.NET work with Content Security Policy, other than using unsafe? RRS feed

  • Question

  • I manage an ASP.NET based solution, currently targeting .NET 4.7, and am getting increasing pressure to make the solution compatible with Content Security Policy header.  Most notably, however, the requests specifically do not want to have to enable unsafe features (unsafe-inline, unsafe-eval, etc).

    So many ASP.NET features render inline script and inline style, I'm just not seeing a way to support this without a re-write.  Is there some page compatibility setting I'm just missing?


    Tuesday, January 23, 2018 8:56 PM

All replies