CSP with Umbraco 12 | Umbraco | Page 1

hallow fiber Jul 24, 2023, 4:05 PM

#

How do you set up a CSP to stop it firing when in the CMS? Not using a middleware. Or use middleware ONLy to check if you are in /umbraco

grave mortar Jul 24, 2023, 4:51 PM

#

Middleware and my package in preview https://www.nuget.org/packages/Umbraco.Community.CSPManager/1.1.0-alpha

Umbraco.Community.CSPManager 1.1.0-alpha

Enabled CSP management with in the Umbraco back office

craggy mountain Jul 24, 2023, 7:11 PM

#

Or use something like NWebsec.AspNetCore.Middleware

#

and you can do stuff like:

app.UseWhen(
            x => x.Request.Path.ToString().StartsWith("/umbraco"),
            builder => builder
                .UseCsp(options => options
                    .DefaultSources(s => s
                        .Self())
                    .ImageSources(s => s
                        .Self()
                        .CustomSources(
                            "blob:",
                            "data:",
                            "dashboard.umbraco.com",
                            "*.googleapis.com",
                            "*.gstatic.com"))

#CSP with Umbraco 12