Merge pull request #154 from gfulep/csp-allow-inline-with-nonce

Add nonce attribute to inline script element
nabinked · Mar 30, 2022 · 8856e97 · 8856e97
2 parents eba5278 + 531fc07
commit 8856e97
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/src/Components/NToastNotifyViewComponent.cs b/src/Components/NToastNotifyViewComponent.cs
@@ -18,7 +18,7 @@ public NToastNotifyViewComponent(IToastNotification toastNotification, ILibrary
             _nToastNotifyOption = nToastNotifyOption;
         }
 
-        public IViewComponentResult Invoke()
+        public IViewComponentResult Invoke(string? nonce = null)
         {
             var assemblyName = GetType().Assembly.GetName();
             var model = new ToastNotificationViewModel(
@@ -27,7 +27,8 @@ public IViewComponentResult Invoke()
                 responseHeaderKey: Constants.ResponseHeaderKey,
                 libraryDetails: _library,
                 disableAjaxToasts: _nToastNotifyOption.DisableAjaxToasts,
-                libraryJsPath: $"~/_content/{assemblyName.Name}/{_library.VarName}.js?{assemblyName.Version}");
+                libraryJsPath: $"~/_content/{assemblyName.Name}/{_library.VarName}.js?{assemblyName.Version}",
+                nonce: nonce);
 
             return View("Default", model);
         }

diff --git a/src/Components/ToastNotificationViewModel.cs b/src/Components/ToastNotificationViewModel.cs
@@ -2,27 +2,32 @@
 {
     public class ToastNotificationViewModel
     {
-        public ToastNotificationViewModel(string toastMessagesJson, string requestHeaderKey, string responseHeaderKey, ILibrary libraryDetails, bool disableAjaxToasts, string libraryJsPath)
+        public ToastNotificationViewModel(string toastMessagesJson, string requestHeaderKey, string responseHeaderKey, ILibrary libraryDetails, bool disableAjaxToasts, string libraryJsPath, string? nonce)
         {
             ToastMessagesJson = toastMessagesJson;
             RequestHeaderKey = requestHeaderKey;
             ResponseHeaderKey = responseHeaderKey;
             LibraryDetails = libraryDetails;
             DisableAjaxToasts = disableAjaxToasts;
             LibraryJsPath = libraryJsPath;
+            Nonce = nonce;
         }
+
         /// <summary>
         /// JSON string of arrays of message
         /// </summary>
         public string ToastMessagesJson { get; }
+
         /// <summary>
         /// Request header key used to show toast notification in AJAX calls
         /// </summary>
         public string RequestHeaderKey { get; }
+
         /// <summary>
         /// Response header key used to show toast notification in AJAX calls
         /// </summary>
         public string ResponseHeaderKey { get; }
+
         /// <summary>
         /// Library details 
         /// </summary>
@@ -37,5 +42,10 @@ public ToastNotificationViewModel(string toastMessagesJson, string requestHeader
         /// The path of the js
         /// </summary>
         public string LibraryJsPath { get; set; }
+
+        /// <summary>
+        /// Nonce value for allow the inline script to run if CSP is set 
+        /// </summary>
+        public string? Nonce { get; set; }
     }
 }
diff --git a/src/Views/Shared/Components/NToastNotify/Default.cshtml b/src/Views/Shared/Components/NToastNotify/Default.cshtml
@@ -5,7 +5,7 @@
         throw new Exception();
 }
 <script src=@Url.Content(@Model.LibraryJsPath) type="text/javascript"></script>
-<script>
+<script nonce=@Model.Nonce>
     if (nToastNotify) {
         nToastNotify.init({
             firstLoadEvent: 'DOMContentLoaded',