Hi, I have developed an MVC website using Kentico 12SP version. I need to enable the Content-Security-Policy (CSP) script-src and style-src directives using the nonce id or hash algorithm option, so as to block the cross-scripting security issue. All the inline script tags and inline style tags throughout my MVC web app will have a dynamic nonce id or hash id, and any inline script or style tag that doesn't have this dynamic id generated by the MVC web app will be blocked by the browser according to the CSP script-src policy and CSP style-src policy.
Some of the inline script and inline style tags are also added to the DOM by the Kentico components. For example, when using Kentico forms in the MVC application, the rendered form dynamically loads an inline script below the form's Submit button in the DOM.
So in my case, I want to add the dynamic id generated by my MVC web app to these inline script and style tags generated by Kentico components. Otherwise, the CSP policy will block these scripts and styles on the browser.
Is there any way I can add the dynamic nonce id or hash id generated by my MVC web app to the inline scripts and styles included by Kentico components?
Does anyone have any input on how we can implement the above-described CSP feature in Kentico?
Did you find any solution for this? I would be interested in any solution... If not, try contacting Kentico Support by emailing them at support@kentico.com
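
The nonce and hash options described in the question, sketched for ASP.NET MVC 5 as an added example (not part of the original thread and not Kentico code). `CspHeaderAttribute`, `CspNonce`, the `csp-nonce` key and the sample inline script are hypothetical names and constructed values; whether a given component's inline script is byte-identical on every render, which the hash option requires, is an assumption to verify per component.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;

// Added example: type, key and helper names are hypothetical, not Kentico APIs.
public class CspHeaderAttribute : ActionFilterAttribute
{
    public const string NonceKey = "csp-nonce";
    // Inline blocks whose text is fixed and known in advance (constructed sample).
    private static readonly string[] KnownInlineScripts = { "window.exampleFormInit = true;" };

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Fresh, unpredictable nonce for every response; never reuse or output-cache it.
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string nonce = Convert.ToBase64String(bytes);
        filterContext.HttpContext.Items[NonceKey] = nonce;

        // script-src allows same-origin files, tags carrying this nonce, and hashed blocks.
        var scriptSources = new List<string> { "'self'", "'nonce-" + nonce + "'" };
        foreach (string script in KnownInlineScripts) scriptSources.Add(HashSource(script));

        string policy = "script-src " + string.Join(" ", scriptSources)
                      + "; style-src 'self' 'nonce-" + nonce + "'";
        filterContext.HttpContext.Response.AddHeader("Content-Security-Policy", policy);
    }

    // CSP hash source: base64 of SHA-256 over the exact text between the tags (UTF-8).
    public static string HashSource(string inlineContent)
    {
        using (var sha = SHA256.Create())
            return "'sha256-" + Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(inlineContent))) + "'";
    }
}

public static class CspHtmlExtensions
{
    // Razor usage in views you author: <script nonce="@Html.CspNonce()"> ... </script>
    public static IHtmlString CspNonce(this HtmlHelper html)
    {
        return new HtmlString((string)html.ViewContext.HttpContext.Items[CspHeaderAttribute.NonceKey]);
    }
}
```

The nonce belongs only on tags written in your own templates: a filter that stamps it onto every inline tag found in the rendered output would also approve any markup injected into the page, which removes the protection the policy is meant to give.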