Description
Noticed while working on something else that our server-side Blazor example CSP has several policy violations for a BWA with Interactive Auto/WebAssembly rendering. The policy will need the 'wasm-unsafe-eval', which is currently only specified for standalone Blazor WebAssembly apps.
Possibly the following for a BWA Interactive Auto app ...
<meta http-equiv="Content-Security-Policy"
content="base-uri 'self';
default-src 'self';
img-src data: https:;
object-src 'none';
script-src 'self' 'wasm-unsafe-eval';
style-src 'self';
connect-src 'self' http://localhost:* wss://localhost:* ws://localhost:*;
upgrade-insecure-requests;">Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/content-security-policy?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/content-security-policy.md
Document ID
6e0b5c52-90a1-5ca6-bfad-df33a8beae6c
Platform Id
c400bf09-7fec-506a-248f-56cbea0ffda2
Article author
@guardrex
Metadata
- ID: 88177a7d-c9ff-c245-5629-a462c9258abf
- PlatformId: c400bf09-7fec-506a-248f-56cbea0ffda2
- Service: aspnet-core
- Sub-service: blazor
Related Issues
Description
Noticed while working on something else that our server-side Blazor example CSP has several policy violations for a BWA with Interactive Auto/WebAssembly rendering. The policy will need the
'wasm-unsafe-eval', which is currently only specified for standalone Blazor WebAssembly apps.Possibly the following for a BWA Interactive Auto app ...
Page URL
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/content-security-policy?view=aspnetcore-9.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/security/content-security-policy.md
Document ID
6e0b5c52-90a1-5ca6-bfad-df33a8beae6c
Platform Id
c400bf09-7fec-506a-248f-56cbea0ffda2
Article author
@guardrex
Metadata
Related Issues