0

I'm using Angular SSR (@angular/ssr) with the AngularNodeAppEngine for server-side rendering. I\ve set up a strict Content Security Policy (CSP) that requires using nonces for inline scripts and styles.

I'd like to dynamically generate a CSP nonce on each request and pass it to Angular so that it can be applied to scripts generated by the framework. However, I haven't found a clear way to inject or configure a per-request nonce when using AngularNodeAppEngine.

Is there a supported way to dynamically provide a CSP nonce to Angular when using AngularNodeAppEngine for SSR? If so, how can this be done?

import {AngularNodeAppEngine, createNodeRequestHandler, isMainModule, writeResponseToNodeResponse} from '@angular/ssr/node';
import {join} from 'node:path';
import express from 'express';

const browserDistFolder = join(import.meta.dirname, '../browser');

const app = express();
const angularApp = new AngularNodeAppEngine();

app.use(
    express.static(browserDistFolder, {maxAge: '1y', index: false, redirect: false})
);

app.use((req, res, next) => {
    angularApp
        .handle(req)
        .then((response) =>
            response ? writeResponseToNodeResponse(response, res) : next()
        )
        .catch(next);
});

if (isMainModule(import.meta.url) || process.env['pm_id']) {
    const port = process.env['PORT'] || 8888;
    app.listen(port, (error) => {
        if (error) {
            throw error;
        }

        console.log(`Server listening on http://localhost:${port}`);
    });
}

export const reqHandler = createNodeRequestHandler(app);
Improve this question
1
Related questions
1913
What is the difference between Promises and Observables?
1019
Property '...' has no initializer and is not definitely assigned in the constructor
10
How to run angular universal HTTPS
Load 4 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.