XperienceCommunity.CSP
2.2.0
See the version list below for details.
dotnet add package XperienceCommunity.CSP --version 2.2.0
NuGet\Install-Package XperienceCommunity.CSP -Version 2.2.0
<PackageReference Include="XperienceCommunity.CSP" Version="2.2.0" />
paket add XperienceCommunity.CSP --version 2.2.0
#r "nuget: XperienceCommunity.CSP, 2.2.0"
// Install XperienceCommunity.CSP as a Cake Addin #addin nuget:?package=XperienceCommunity.CSP&version=2.2.0 // Install XperienceCommunity.CSP as a Cake Tool #tool nuget:?package=XperienceCommunity.CSP&version=2.2.0
Xperience Community: Content Security Policy (CSP) Management
Description
Adds a module to the admin site for easy configuration of Content Security Policy (CSP) headers for web channels.
Screenshots
Once installed, a new module appears in the navigation and the dashboard: <a href="src/images/navigation-tile.png"> <img src="src/images/navigation-tile.png" width="600" alt="CSP Management module in navigation"> </a>
Screen for creating a new CSP configuration (on a per source url basis): <a href="src/images/create-new.png"> <img src="src/images/create-new.png" width="600" alt="Create a new CSP configuration screen"> </a>
Listing shows all configurations, including which web channel they are assigned to. <a href="src/images/csp-listing.png"> <img src="src/images/csp-listing.png" width="600" alt="CSP configuration listing screen"> </a>
Library Version Matrix
Xperience Version | Library Version |
---|---|
>= 29.1.4 | 2.0.0 |
>= 28.3.0 | 1.0.0 |
Dependencies
Package Installation
Add the package to your application using the .NET CLI
dotnet add package XperienceCommunity.CSP
Quick Start
Install NuGet package above.
Register the CSP management services using
builder.Services.AddXperienceCommunityCspManagement()
:// Program.cs var builder = WebApplication.CreateBuilder(args); builder.Services.AddKentico(); // ... builder.Services.AddXperienceCommunityCspManagement();
Register the CSP management middleware using
app.UseXperienceCommunityCspManagement()
:var app = builder.Build(); app.UseKentico(); // ... app.UseXperienceCommunityCspManagement();
That's it, launch your website and the module should be installed ready to go! Once you've configured your CSP headers, load a page on the website and check the headers in your browser console.
CSP Nonce Support
This module supports the use of nonces in your CSP headers.
When creating a new CSP configuration, you can enable or disable a nonce being added for the selected directives. This will add a nonce to the header.
You are responsible for adding the nonce to your inline scripts and styles. You can use the CspNonceService
to get the current nonce value. This service can be injected into your services, controllers, or views.
public class MyService
{
private readonly ICspNonceService _cspNonceService;
public MyService(ICspNonceService cspNonceService)
{
_cspNonceService = cspNonceService;
}
public string GetNonce()
{
return _cspNonceService.Nonce;
}
}
Contributing
Feel free to submit issues or pull requests to the repository, this is a community package and everyone is welcome to support.
License
Distributed under the MIT License. See LICENSE.md
for more information.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
-
net8.0
- Kentico.Xperience.Admin (>= 29.1.4)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.