== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

== How to fix it

=== Code examples

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
using System.Web;

public async Task InvokeAsync(HttpContext context)
{
    context.Response.Headers.ContentSecurityPolicy = "script-src 'self' 'unsafe-inline';"; // Noncompliant
}
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
using System.Web;

public async Task InvokeAsync(HttpContext context)
{
    context.Response.Headers.ContentSecurityPolicy = "script-src 'self' 'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc=';";
}
----

=== How does this work?

include::../common/fix/least_privilege.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/standards.adoc[]