(DOTNET-123) Allow nonce attribute value to be passed in (#134)

* DOTNET-116 add nonce attribute to script tag for CSP support

* DOTNET-116 provide the ability to set a nonce value for the script

Co-authored-by: Todd Lair <[email protected]>
Co-authored-by: Daniel Gidman <[email protected]>

Author: 3 people

Src/StackifyLib/Web/RealUserMonitoring.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Security.Cryptography;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
@@ -9,8 +9,12 @@ namespace StackifyLib.Web
     public static class RealUserMonitoring
     {
         private static readonly RandomNumberGenerator Rng = new RNGCryptoServiceProvider();
-
-        public static string GetHeaderScript()
+        
+        /// <summary>
+        /// Generate the header script for including RUM
+        /// </summary>
+        /// <param name="nonce">nonce value, defaults to a cryptographic unique string if left null</param>
+        public static string GetHeaderScript(string nonce = null)
         {
             var rumScriptUrl = Config.RumScriptUrl;
             var rumKey = Config.RumKey;
@@ -52,13 +56,16 @@ public static string GetHeaderScript()
                 settings["Trans"] = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(reportingUrl));
             }
 
-            // generate nonce for strict CSP rules
+            return string.Format("<script type=\"text/javascript\" nonce=\"{3}\">(window.StackifySettings || (window.StackifySettings = {0}))</script><script src=\"{1}\" data-key=\"{2}\" async></script>",
+                settings.ToString(Formatting.None), rumScriptUrl, rumKey, nonce ?? GetNonce());
+        }
+
+        // generate nonce for strict CSP rules
+        private static string GetNonce()
+        {
             var nonceBytes = new byte[20];
             Rng.GetNonZeroBytes(nonceBytes);
-            var nonce = Convert.ToBase64String(nonceBytes);
-
-            return string.Format("<script type=\"text/javascript\" nonce=\"{3}\">(window.StackifySettings || (window.StackifySettings = {0}))</script><script src=\"{1}\" data-key=\"{2}\" async></script>",
-                settings.ToString(Formatting.None), rumScriptUrl, rumKey, nonce);
+            return Convert.ToBase64String(nonceBytes);
         }
     }
 }