CspProvider
Overview
Section titled “Overview”CspProvider cascades a Content-Security-Policy nonce and a “disable style elements” flag to
descendants via two cascading values, for consumers or future features that inject inline
<style>/<script> elements under a strict CSP. It renders no visible element of its own.
Status on WPF
Section titled “Status on WPF”Retired per ADR-0003. Content-Security-Policy is a browser response-header/inline-script- allowlisting mechanism; WPF has no script/style injection model and no CSP enforcement layer for a nonce to police, so there is no native mechanism to replace it with, only the observation that the underlying browser problem does not exist on this platform.
Web deltas
Section titled “Web deltas”- No
NaviusCspProvideror cascadedNaviusCspNonce/NaviusCspDisableStyleElementsequivalent ships; there is nothing analogous for a WPF consumer to opt into or branch on. - The web family exists mostly for API parity and forward-looking consumers, per its own code
comment (Navius itself injects no
<style>/<script>elements today and needs no nonce); that forward-looking need does not carry over to a XAML/CLR rendering model with no script/style injection surface at all.