Skip to content

Commit

Permalink
Add demo of adding hashes for fallback scripts to demo site (#170)
Browse files Browse the repository at this point in the history
  • Loading branch information
@andrewlock
andrewlock authored Aug 26, 2024
1 parent ec4f4de commit 05b87f6
Show file tree
Hide file tree
Showing 4 changed files with 27 additions and 2 deletions.
13 changes: 12 additions & 1 deletion test/RazorWebSite/Pages/Shared/_Layout.cshtml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,18 @@
</footer>
</div>

<script src="~/js/site.js" asp-append-version="true"></script>
<script src="~/js/site.js" asp-append-version="true"></script>
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/jquery.slim.min.js"
integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj"
asp-fallback-src="~/js/jquery.slim.min.js"
asp-fallback-test="window.jQuery"
crossorigin="anonymous" asp-add-nonce="true"></script>

<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js"
integrity="sha384-Fy6S3B9q64WdZWQUiU+q4/2Lc9npb8tCaSX9FK7E8HnRr0Jz8D6OP9dO5Vg3Q9ct"
asp-fallback-src="~/js/bootstrap.min.js"
asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
crossorigin="anonymous" asp-add-nonce="true"></script>
@RenderSection("Scripts", required: false)
</body>
</html>
7 changes: 6 additions & 1 deletion test/RazorWebSite/Startup.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,12 @@ public void Configure(IApplicationBuilder app, IHostingEnvironment env)
builder.AddMediaSrc().From("*");
builder.AddImgSrc().From("*").Data();
builder.AddObjectSrc().From("*");
builder.AddScriptSrc().From("*").WithHashTagHelper().WithNonce().UnsafeHashes();
builder.AddScriptSrc().From("*")
.WithHashTagHelper()
.WithNonce()
.UnsafeHashes()
.WithHash256("j/kWZ/y+DZQOTLHQxWwAAu/hg+GGWVXxmPixUq26wnc=") // Allow the jquery asp-fallback-test script element
.WithHash256("WuuOVwpUdf7Fb0r2WZxkqiv5V457zV2zpgSjN0Jy63Q="); // Allow the bootstrap asp-fallback-test script element
builder.AddStyleSrc().From("*").WithHashTagHelper().UnsafeHashes();
})
.RemoveServerHeader();
Expand Down
7 changes: 7 additions & 0 deletions test/RazorWebSite/wwwroot/js/bootstrap.min.js
View file

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions test/RazorWebSite/wwwroot/js/jquery.slim.min.js
View file

Large diffs are not rendered by default.

0 comments on commit 05b87f6

Please sign in to comment.