Skip to main content
BuyLog In
.NET Reporting Tools
Search in…
Docs > ASP.NET Core API Reference > DevExpress.AspNetCore.Reporting > ClientControlContentBuilderBase<TSettings, TImpl> > Methods > Nonce(String)
All docs
V25.1
    • Reporting
    Product Information
    What's New
    .NET Support
    Get Started with DevExpress Reporting
    Create Different Report Types (Walkthroughs)
    Detailed Guide to DevExpress Reporting
    Memory Usage in Reporting - Best Practices
    Localize Reporting Applications
    Security Considerations
    AI-powered Extensions
    Visual Studio Report Designer
    VS Code Report Designer
    Reporting for Desktop
    Reporting for .NET MAUI
    Reporting for Web
    Reporting .NET Migration Guides
    Cloud Integration
    .NET Aspire Integration
    Cross-Platform .NET App UI
    Backend Web API Service / REST API for Reporting
    WCF Report Service
    End-User Documentation
    Redistribution and Deployment
    API Reference
    ASP.NET Core API Reference
    DevExpress.AIIntegration.AspNetCore.Reporting
    DevExpress.Aspire.AspNetCore.Reporting
    DevExpress.Aspire.Reporting
    DevExpress.AspNetCore
    DevExpress.AspNetCore.Reporting
    AIPromptToExpressionConfigurationBuilder
    AIPromptToReportConverterConfigurationBuilder
    AIReportingConfigurationBuilder
    AIReportingExtensions
    AISummarizationConfigurationBuilder
    AITestDataSourceConfigurationBuilder
    AITranslationConfigurationBuilder
    ClientControlContentBuilderBase<TSettings, TImpl>
    Members
    Constructors
    Methods
    AutoBind(Boolean)
    ClientSideModelSettings(Action<ClientSideModelSettings>)
    CssClassName(String)
    Height(String)
    Name(String)
    Nonce(String)
    RightToLeft(Boolean)
    Width(String)
    QueryBuilderConfigurationBuilder
    ReportDesignerConfigurationBuilder
    ReportingConfigurationBuilder
    ReportingConfigurationException
    ReportingSettings
    StartupExtensions
    WebDocumentViewerConfigurationBuilder
    DevExpress.AspNetCore.Reporting.Azure
    DevExpress.AspNetCore.Reporting.Logging
    DevExpress.AspNetCore.Reporting.ParametersPanel
    DevExpress.AspNetCore.Reporting.QueryBuilder
    DevExpress.AspNetCore.Reporting.ReportDesigner
    DevExpress.AspNetCore.Reporting.WebDocumentViewer
    DevExpress.XtraReports.Web.Extensions.Options
    DevExpress.XtraReports.Web.Extensions.Services
    Blazor API Reference
    Client API Reference
    Client API Reference (Web Forms & MVC)
    Download CHM

    ClientControlContentBuilderBase<TSettings, TImpl>.Nonce(String) Method

    Specifies the nonce value.

    Namespace: DevExpress.AspNetCore.Reporting

    Assembly: DevExpress.AspNetCore.Reporting.v25.1.dll

    NuGet Package: DevExpress.AspNetCore.Reporting

    Declaration

    public TImpl Nonce(
    string nonce
)

    Parameters

    Name Type Description
    nonce String

    A string that is the nonce value

    Returns

    Type Description
    TImpl

    A builder instance that can be used to further configure the reporting component.

    Remarks

    The Nonce property enables you to implement a nonce-based Content Security Policy.

    Examples

    Document Viewer

    This example demonstrates how to implement a nonce-based Content Security Policy (CSP) for an ASP.NET Core Application through an HTTP response header:

    View Example

    In the HomeController.cs file, generate the nonce value. The RandomNumberGenerator class is used to generate cryptographically strong random values. Add an HTTP header with the Content Security Policy with nonce for the script-src directive.

    The following code snippet shows how to add a nonce-based CSP for the Document Viewer component:

    using DevExpress.AspNetCore.Reporting.WebDocumentViewer;
using DevExpress.XtraReports.Web.WebDocumentViewer;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
//...
public async Task<IActionResult> Viewer(
    [FromServices] IWebDocumentViewerClientSideModelGenerator clientSideModelGenerator,
    [FromQuery] string reportName) {
    var nonceBytes = new byte[32];
    using var generator = RandomNumberGenerator.Create();
    generator.GetBytes(nonceBytes);
    var nonce = Convert.ToBase64String(nonceBytes);
    HttpContext.Response.Headers.Add("Content-Security-Policy",
                string.Format("script-src 'self' 'nonce-{0}';", nonce) +
                "img-src data: https: http:;" +
                "style-src 'self';" +
                "connect-src 'self';" +
                "worker-src 'self' blob:;" +
                "frame-src 'self' blob:;"
            );
    var reportToOpen = string.IsNullOrEmpty(reportName) ? "TestReport" : reportName;
    var model = new Models.ViewerModel {
        ViewerModelToBind = await clientSideModelGenerator.GetModelAsync(reportToOpen, WebDocumentViewerController.DefaultUri),
        Nonce = nonce
    };
    return View(model);
}
//...

    The new nonce value is generated each time the page loads.

    On the page, pass the nonce value to the Nonce method:

    @*...*@
@{
    var viewerRender = Html.DevExpress().WebDocumentViewer("DocumentViewer")
        .Height(null)
        .Width(null)
        .Nonce(Model.Nonce)
        .CssClassName("my-reporting-component")
        .Bind(Model.ViewerModelToBind);
    @viewerRender.RenderHtml()
}

    Note

    Set the Height and Width to null for the application to work properly. You can specify the required height and width in a CSS class.

    Report Designer

    This example implements a nonce-based Content Security Policy (CSP) for an ASP.NET Core Application through an HTTP response header:

    View Example

    In the HomeController.cs file, generate the nonce value. The RandomNumberGenerator class is used to generate cryptographically strong random values. Add an HTTP header with the Content Security Policy with nonce for the script-src directive.

    The following code snippet adds a nonce-based CSP for the Report Designer component:

    using DevExpress.XtraReports.Web.ReportDesigner;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;
//...
public async Task<IActionResult> Designer(
    [FromServices] IReportDesignerClientSideModelGenerator clientSideModelGenerator,
    [FromQuery] string reportName) {

    var nonceBytes = new byte[32];
    using var generator = RandomNumberGenerator.Create();
    generator.GetBytes(nonceBytes);
    var nonce = Convert.ToBase64String(nonceBytes);

    HttpContext.Response.Headers.Add("Content-Security-Policy",
                string.Format("script-src 'self' 'nonce-{0}';", nonce) +
                "img-src data: https: http:;" +
                "style-src 'self';" +
                "connect-src 'self';" +
                "worker-src 'self' blob:;" +
                "frame-src 'self' blob:;"
            );

    Models.ReportDesignerCustomModel model = new Models.ReportDesignerCustomModel();
    model.ReportDesignerModel = await CreateDefaultReportDesignerModel(clientSideModelGenerator, reportName, null);
    model.Nonce = nonce;
    return View(model);
}
//...

    The new nonce value is generated each time the page loads.

    On the page, pass the nonce value to the Report Designer’s Nonce method:

    @{
    var designerRender = Html.DevExpress().ReportDesigner("reportDesigner")
        .Height(null)
        .Width(null)
        .Nonce(Model.Nonce)
        .CssClassName("my-reporting-component")
        .Bind(Model.ReportDesignerModel);
    @designerRender.RenderHtml()
}

    Note

    Set the Height and Width properties to null for the application to work properly. You can specify the required height and width in a CSS class.

    See Also