Content Security Policy (CSP) — Syncfusion ASP.NET Core (Security)

Use this skill for high-level, Syncfusion-specific CSP guidance and references. Detailed code snippets and implementation examples live in the concern's references files.

When to Use

• Implementing CSP headers for Syncfusion EJ2 controls
• Running in strict CSP mode where inline scripts/styles are restricted
• Adding nonces to inline scripts/styles for Syncfusion initialization
• Allowlisting CDN resources or external fonts required by Syncfusion themes

Quick Checklist

• Generate a cryptographically secure nonce per request
• Add the nonce to the CSP header and to all Syncfusion script/style tags
• Allow required CDN origins and font providers in CSP directives
• Avoid unsafe-inline/unsafe-eval unless absolutely necessary
• Verify behavior in browser DevTools and address CSP violations