Skip to main content
BuyLog In
.NET Reporting Tools
Search in…
Docs > ASP.NET Core API Reference > DevExpress.AspNetCore.Reporting.WebDocumentViewer > WebDocumentViewerBuilder > Methods > Nonce(String)
All docs
V23.2
Reporting
Product Information
.NET / .NET Core Support
Get Started with DevExpress Reporting
Create Different Report Types (Walkthroughs)
Detailed Guide to DevExpress Reporting
Localize Reporting Applications
Security Considerations
Visual Studio Report Designer
VS Code Report Designer
Reporting for Desktop
Reporting for .NET MAUI
Reporting for Web
Cloud Integration
Cross-Platform .NET App UI
Backend Web API Service / REST API for Reporting
WCF Report Service
End-User Documentation
Redistribution and Deployment
API Reference
ASP.NET Core API Reference
DevExpress.AspNetCore
DevExpress.AspNetCore.Reporting
DevExpress.AspNetCore.Reporting.Azure
DevExpress.AspNetCore.Reporting.Azure.WebDocumentViewer
DevExpress.AspNetCore.Reporting.Logging
DevExpress.AspNetCore.Reporting.QueryBuilder
DevExpress.AspNetCore.Reporting.ReportDesigner
DevExpress.AspNetCore.Reporting.WebDocumentViewer
IAzureCloudStorageAccountProvider
WebDocumentViewerBuilder
Members
Constructors
Methods
AccessibilityCompliant(Boolean)
AllowUrlWithJsContent(Boolean)
AutoBind(Boolean)
Bind
ClientSideEvents(Action<WebDocumentViewerClientSideEventsBuilder>)
ClientSideModelSettings(Action<ClientSideModelSettings>)
CssClassName(String)
ExportSettings(Action<ExportSettings>)
HandlerUri(String)
Height(String)
MobileMode(Boolean)
MobileSettings(Action<MobileViewerSettings>)
Name(String)
Nonce(String)
OpenReportXmlLayout(Byte[])
ProgressBarSettings(Action<ProgressBarSettings>)
RemoteSourceSettings(Action<RemoteSourceSettings>)
RightToLeft(Boolean)
SearchSettings(Action<SearchSettings>)
TabPanelSettings(Action<TabPanelSettings>)
Width(String)
WebDocumentViewerClientSideEventsBuilder
WebDocumentViewerController
DevExpress.XtraReports.Web.Extensions.Options
DevExpress.XtraReports.Web.Extensions.Services
Blazor API Reference
Client API Reference
Client API Reference (Web Forms & MVC)
Download CHM

WebDocumentViewerBuilder.Nonce(String) Method

Specifies the nonce value.

Namespace: DevExpress.AspNetCore.Reporting.WebDocumentViewer

Assembly: DevExpress.AspNetCore.Reporting.v23.2.dll

NuGet Package: DevExpress.AspNetCore.Reporting

Declaration

public WebDocumentViewerBuilder Nonce(
    string nonce
)

Parameters

Name Type Description
nonce String

A String that specifies the nonce value.

Returns

Type Description
WebDocumentViewerBuilder

A WebDocumentViewerBuilder that can be used to further configure the Document Viewer.

Example

This example demonstrates how to implement a nonce-based Content Security Policy (CSP) for an ASP.NET Core Application through an HTTP response header:

View Example

In the HomeController.cs file, generate the nonce value. The RandomNumberGenerator class is used to generate cryptographically strong random values. Add an HTTP header with the Content Security Policy with nonce for the script-src directive.

The following code snippet shows how to add a nonce-based CSP for the Document Viewer component:

using DevExpress.AspNetCore.Reporting.WebDocumentViewer;
using DevExpress.XtraReports.Web.WebDocumentViewer;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
//...
public async Task<IActionResult> Viewer(
    [FromServices] IWebDocumentViewerClientSideModelGenerator clientSideModelGenerator,
    [FromQuery] string reportName) {
    var nonceBytes = new byte[32];
    using var generator = RandomNumberGenerator.Create();
    generator.GetBytes(nonceBytes);
    var nonce = Convert.ToBase64String(nonceBytes);
    HttpContext.Response.Headers.Add("Content-Security-Policy",
                string.Format("script-src 'self' 'nonce-{0}';", nonce) +
                "img-src data: https: http:;" +
                "style-src 'self';" +
                "connect-src 'self';" +
                "worker-src 'self' blob:;" +
                "frame-src 'self' blob:;"
            );
    var reportToOpen = string.IsNullOrEmpty(reportName) ? "TestReport" : reportName;
    var model = new Models.ViewerModel {
        ViewerModelToBind = await clientSideModelGenerator.GetModelAsync(reportToOpen, WebDocumentViewerController.DefaultUri),
        Nonce = nonce
    };
    return View(model);
}
//...

The new nonce value is generated each time the page loads.

On the page, pass the nonce value to the Nonce method:

@*...*@
@{
    var viewerRender = Html.DevExpress().WebDocumentViewer("DocumentViewer")
        .Height(null)
        .Width(null)
        .Nonce(Model.Nonce)
        .CssClassName("my-reporting-component")
        .Bind(Model.ViewerModelToBind);
    @viewerRender.RenderHtml()
}

Note

Set the Height and Width properties to null for the application to work properly. You can specify the required height and width in a CSS class.

See Also