New security features added to Ajax.NET Professional

New release available

Michael Schwarz on Wednesday, November 3, 2021

I have just published a new release of the Ajax.NET Professional library, including several new security features. Please check out [1] for further details.

Security Settings

In web.config you can configure different security-related settings.

One of the most important is to set a Content-Security-Policy [2] HTTP response header so that the browser trusts only JavaScript and other resources coming from your web server or other trusted locations. Because AjaxPro [1] generates some JavaScript files on the fly, you can set the JavaScript nonce in your web.config:

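			<!-- AjaxPro setting: nonce for the JavaScript that AjaxPro generates -->
			<contentSecurityPolicy nonce="abcdefghijklmnopqrstuvwxyz" />
			<!-- HTTP response header entry: script-src carries the same nonce value -->
			<add name="Content-Security-Policy" 
				 value="frame-ancestors; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'nonce-abcdefghijklmnopqrstuvwxyz';" />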
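The two settings above only work together when the nonce given to AjaxPro also appears in the header's script-src, so the following added example (not part of the original post or of AjaxPro) checks a web.config for that pairing. The embedded web.config is constructed, its section nesting is an assumption, and the `audit` and `parse_csp` helpers are hypothetical names; treating the sample nonce from this page as a finding is also an assumption of the example.

```python
import re
import xml.etree.ElementTree as ET

SAMPLE_NONCE = "abcdefghijklmnopqrstuvwxyz"  # placeholder value used on this page

# Constructed web.config; the section nesting is an assumption, the check
# finds the two elements by name wherever they sit.
WEB_CONFIG = """<configuration>
  <ajaxNet><ajaxSettings>
    <contentSecurityPolicy nonce="abcdefghijklmnopqrstuvwxyz" />
  </ajaxSettings></ajaxNet>
  <system.webServer><httpProtocol><customHeaders>
    <add name="Content-Security-Policy"
         value="frame-ancestors; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'nonce-abcdefghijklmnopqrstuvwxyz';" />
  </customHeaders></httpProtocol></system.webServer>
</configuration>"""


def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(config_xml):
    """Return findings about the AjaxPro nonce / CSP header pairing."""
    root = ET.fromstring(config_xml)
    nonce = next((e.get("nonce") for e in root.iter("contentSecurityPolicy")), None)
    header = next((e.get("value", "") for e in root.iter("add")
                   if (e.get("name") or "").lower() == "content-security-policy"), None)
    if header is None:
        return ["no Content-Security-Policy header configured"]
    if not nonce:
        return ["no contentSecurityPolicy nonce configured"]
    findings = []
    if f"'nonce-{nonce}'" not in parse_csp(header).get("script-src", []):
        findings.append("script-src does not allow the configured nonce")
    if nonce == SAMPLE_NONCE:
        findings.append("nonce is the documentation sample value")
    if not re.fullmatch(r"[A-Za-z0-9+/_-]+={0,2}", nonce):
        findings.append("nonce is not a valid CSP base64-value")
    return findings
```

Run against the constructed file, `audit(WEB_CONFIG)` reports only that the nonce is still the sample value; changing one of the two nonce values without the other produces the mismatch finding.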