frontend/docs/ARCHITECTURE.md: 1 addition & 1 deletion
@@ -58,7 +58,7 @@ You should take care to implement [accessibility](https://angular.dev/best-pract
The backend emits content security policy HTTP headers. They are very strict and aim at avoiding XSS attacks and stealing user data/credentials. This may have impact on developing the frontend. However, instead of relaxing rules you should aim at making the frontend code compliant with those secrity rules.
-
The application supports strict content-security-policies **_WITHOUT_** unsafe-\*. We do so by letting the backend insert every request to the frontend a random nonce (see [backend documentation9](../../backend/docs/CONFIGURE.md)) that is included by the frontend to protect the scripts by using Angulars [ngCspNonce](https://angular.dev/best-practices/security#content-security-policy) mechanism (first one).
+
The application supports strict content-security-policies **_WITHOUT_** unsafe-\*. We do so by letting the backend insert every request to the frontend a random nonce (see [backend documentation](../../backend/docs/CONFIGURE.md)) that is included by the frontend to protect the scripts by using Angulars [ngCspNonce](https://angular.dev/best-practices/security#content-security-policy) mechanism (first one).
For that we defined a placeholder "${cspNonce}" in [index.html](../src/index.html) that is replaced by a random nonce by the backend on every request.
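Review bot: The added line 61 still carries wording errors that this commit could fix along with the link text: "Angulars" should read "Angular's", and "letting the backend insert every request to the frontend a random nonce" is missing a preposition (for example "insert a random nonce into every response to the frontend"). The trailing "(first one)" does not say what it refers to on the linked Angular page; naming the option directly would be clearer. The context line 59 also has "secrity" for "security". Since line 63 says the "${cspNonce}" placeholder is replaced by the backend on every request, it would help to state here whether index.html must always be served through the backend, because a copy delivered without that replacement would carry the literal placeholder instead of a nonce.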