DEV Community

A. Rdz
A. Rdz

Posted on

CSP (with A+ in mozilla observatory) + Angular2+

#angular #unsafe #inline #csp

Hello!

Has anyone gotten to publish an angular 2+ project and csp (with A + in mozilla observatory), without using the unsafe-inline alternative?

I'm trying to use the nonce alternative, but I have some doubts about it ...

  1. Whose responsibility is it to generate the value of a nonce, client or server?

  2. Any web server that you recommend for this case? (Currently the policy is being implemented in a lambda function of AWS from a cloud front)

  3. Some way to inject or pass the nonce value to the client into the index.html to later read it from angular?. (by metatag, I think)

Thanks for your attention.

Top comments (0)

Read next

vaishali2 profile image

What makes Python the Backbone of Customer Service Automation in E-commerce?

Vaishali -

sujal_3ef0294679ded profile image

Happy Birthday Himani

Sujal -

td_inc profile image

Skills Required To Become A Machine Learning (ML) Engineer

TechDogs -

minhquocunvn profile image

How can I code AI for cancer ; or Next future Technologies such as Bridge Connection ETH-BTC

Minhquoc Nguyen -