Documentation Menu

Content Security Policy (CSP)

Content Security Policy (CSP) is an optional security feature built into modern browsers. It lets you set limits on the browser, such as the locations where it can load scripts from, by sending a Content-Security-Policy response header.

If you use Content Security Policy on your site, the following restrictions affect your use of JSNLog:

  1. unsafe-eval - jsnlog.js does not use eval, or versions of setTimeout and setInterval that take strings. So there is no need to use unsafe-eval to make your use of JSNLog compliant with CSP.
  2. unsafe-inline - jsnlog.js itself is a single file library that doesn't load any other JavaScript. It can be loaded into your page in a variety of ways.

    If you use ASP.NET MVC, one of these ways is via the Configure method. This allows you to configure JSNLog in your ASP.NET web.config file. It reads the configuration and translates this to inline JavaScript, which then does the actual configuration.

    This means that JSNLog is CSP compliant, except if you use the Configure method.