XperienceCommunity.CSP 2.2.0

There is a newer version of this package available.
See the version list below for details.

Xperience Community: Content Security Policy (CSP) Management

Description

Adds a module to the admin site for easy configuration of Content Security Policy (CSP) headers for web channels.

Screenshots

Once installed, a new module appears in the navigation and the dashboard. [Screenshot: CSP Management module in navigation]

Screen for creating a new CSP configuration (on a per source URL basis). [Screenshot: Create a new CSP configuration screen]

Listing shows all configurations, including which web channel they are assigned to. [Screenshot: CSP configuration listing screen]

Library Version Matrix

Xperience Version    Library Version
>= 29.1.4            2.0.0
>= 28.3.0            1.0.0

Dependencies

Package Installation

Add the package to your application using the .NET CLI

dotnet add package XperienceCommunity.CSP

Quick Start

  1. Install the NuGet package above.

  2. Register the CSP management services using builder.Services.AddXperienceCommunityCspManagement():

    // Program.cs
    
    var builder = WebApplication.CreateBuilder(args);
    
    builder.Services.AddKentico();
    
    // ...
    
    builder.Services.AddXperienceCommunityCspManagement();
    
  3. Register the CSP management middleware using app.UseXperienceCommunityCspManagement():

    var app = builder.Build();

    app.UseKentico();

    // ...

    app.UseXperienceCommunityCspManagement();
    
  4. That's it. Launch your website and the module should be installed and ready to go. Once you've configured your CSP headers, load a page on the website and check the response headers in your browser's developer tools.

CSP Nonce Support

This module supports the use of nonces in your CSP headers.

When creating a new CSP configuration, you can enable or disable a nonce for the selected directives. When enabled, a nonce is added to those directives in the header.

You are responsible for adding the nonce to your inline scripts and styles. You can use the CspNonceService (injected as ICspNonceService, as in the example below) to get the current nonce value. This service can be injected into your services, controllers, or views.

public class MyService
{
    private readonly ICspNonceService _cspNonceService;

    public MyService(ICspNonceService cspNonceService)
    {
        _cspNonceService = cspNonceService;
    }

    public string GetNonce()
    {
        return _cspNonceService.Nonce;
    }
}
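
To verify the result after adding nonces to your markup, the following added example (a stand-alone Python script, not part of this package) compares the nonce in a Content-Security-Policy header with the nonce attributes on inline scripts and styles in the page. The header and HTML are constructed sample values, and the function names are hypothetical; it assumes nonces appear in script-src, style-src or default-src.

```python
import re
from html.parser import HTMLParser

NONCE_RE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")
DIRECTIVE_FOR = {"script": "script-src", "style": "style-src"}

def parse_csp_nonces(header):
    """Map each directive name to the set of nonce values it declares."""
    nonces = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # setdefault keeps the first occurrence; browsers ignore repeated directives.
            nonces.setdefault(tokens[0].lower(), set(NONCE_RE.findall(part)))
    return nonces

class InlineFinder(HTMLParser):
    """Collects (tag, nonce) for every inline <script> and <style> element."""
    def __init__(self):
        super().__init__()
        self.inline = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style" or (tag == "script" and "src" not in attrs):
            self.inline.append((tag, attrs.get("nonce")))

def inline_without_valid_nonce(header, html):
    """Return inline elements whose nonce is missing from the governing directive."""
    nonces = parse_csp_nonces(header)
    fallback = nonces.get("default-src", set())  # used when script-src/style-src is absent
    finder = InlineFinder()
    finder.feed(html)
    return [(tag, nonce) for tag, nonce in finder.inline
            if nonce not in nonces.get(DIRECTIVE_FOR[tag], fallback)]

# Constructed sample response (not output from a real site).
SAMPLE_HEADER = ("default-src 'self'; script-src 'self' 'nonce-r4nd0mABC123'; "
                 "style-src 'self' 'nonce-r4nd0mABC123'")
SAMPLE_HTML = """<html><head>
<style nonce="r4nd0mABC123">body { margin: 0 }</style>
<script src="/js/site.js"></script>
</head><body>
<script nonce="r4nd0mABC123">console.log("allowed");</script>
<script>console.log("no nonce");</script>
<script nonce="stale-value">console.log("wrong nonce");</script>
</body></html>"""

if __name__ == "__main__":
    for tag, nonce in inline_without_valid_nonce(SAMPLE_HEADER, SAMPLE_HTML):
        print(f"<{tag}> nonce={nonce!r} does not match the CSP header")
```

In practice, feed it the header and body of a real response from your site; an empty result means every inline script and style carries a nonce that the header declares.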

Contributing

Feel free to submit issues or pull requests to the repository. This is a community package and everyone is welcome to support it.

License

Distributed under the MIT License. See LICENSE.md for more information.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed. 

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version    Downloads    Last updated
3.1.0      200          10/29/2024
3.0.0      195          10/22/2024
2.2.1      271          7/13/2024
2.2.0      121          6/29/2024
2.1.0      131          6/21/2024
2.0.0      127          6/20/2024
1.0.0      184          3/4/2024