Skip to content

CspProvider

CspProvider cascades a Content-Security-Policy nonce and a “disable style elements” flag to descendants via two cascading values, for consumers or future features that inject inline <style>/<script> elements under a strict CSP. It renders no visible element of its own.

Retired per ADR-0003. Content-Security-Policy is a browser response-header/inline-script- allowlisting mechanism; WPF has no script/style injection model and no CSP enforcement layer for a nonce to police, so there is no native mechanism to replace it with, only the observation that the underlying browser problem does not exist on this platform.

  • No NaviusCspProvider or cascaded NaviusCspNonce/NaviusCspDisableStyleElements equivalent ships; there is nothing analogous for a WPF consumer to opt into or branch on.
  • The web family exists mostly for API parity and forward-looking consumers, per its own code comment (Navius itself injects no <style>/<script> elements today and needs no nonce); that forward-looking need does not carry over to a XAML/CLR rendering model with no script/style injection surface at all.