Comments (2)
JoostK
commented on April 27, 2024
This is working as expected; a nonce must be available synchronously during startup.
What's the reasoning for fetching a nonce via the server anyway? Why not generate it locally in the client? That can't normally be done for scripts (as it's a catch 22) but if you have the ability to execute code anyway, then I don't see why you'd need a server to generate a nonce...
from angular.
Peter-Zakharevich
commented on April 27, 2024
This is working as expected; a nonce must be available synchronously during startup.
What's the reasoning for fetching a nonce via the server anyway? Why not generate it locally in the client? That can't normally be done for scripts (as it's a catch 22) but if you have the ability to execute code anyway, then I don't see why you'd need a server to generate a nonce...
The reason why we're fetching a nonce it's because API side have a control over CSP policies (e.g. alowed chases, nonces e.t.c), Client side receive CSP policies via HTTP headers.
Are you suggesting to implement CSP policies for the styles on the Client side via meta tag ?
In that case, can we use injection of csp_nonce token for meta tag or we have to write some custom logic to populate csp policies there?
from angular.
Related Issues (20)
- @Input({ required: true }) - Required inputs do not throw errors at build time HOT 3
- Doc is contradictory about :host vs @HostBinding and @HostListener HOT 2
- compiler: cryptic error when the track expression is empty for the control flow @for
- Add an observable that get triggered when the number of control changes in the FormArray. HOT 2
- [adev] CLI command pages options are cluttered
- CLI sub commands are not listed correctly in adev HOT 2
- Aliases for Angular CLI options are not listed in adev HOT 1
- Deprecated CLI options are not marked as such in adev
- Aliases for Angular CLI commands are not listed in adev HOT 1
- ADEV is missing illustration on `ng completion`
- Support for setting Input Signals programmatically for projected content children HOT 8
- Components with *ngIf are rendered before others HOT 4
- document.createElement('canvas') fails out of the box HOT 3
- Getting started tutorial does not seem to work HOT 2
- Broken Link on Angular.IO HOT 2
- Change interpolation characters in the @component decorator HOT 2
- allow disabled formgroup at initialization
- Angular 17 Tutorial : confusing sentence
- Blocks @defer breaks Server Side Rendering and Static Site Generation HOT 7
- Directive Execution Issue: Upgrading from Angular v17.2.0 to v17.3.0-rc.0 - Executing on Non-existent DOM Elements HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from angular.