Merge pull request #4642 from syncfusion-content/991761-Replace-obsoleteHF

kmuthukumarmkm · web-flow · commit cd762ada36c7 · 2025-11-13T18:40:00.000+05:30
991761: Replace obsolete Class used in CSP
diff --git a/ej2-asp-core-mvc/EJ2_ASP.NETCORE/system-requirements.md b/ej2-asp-core-mvc/EJ2_ASP.NETCORE/system-requirements.md
@@ -16,21 +16,24 @@ To get started with ASP.NET Core application, ensure the following software to b
 
 ASP.NET Core Applications can be developed using one of the following IDEs. You can also develop using [.NET CLI](https://docs.microsoft.com/en-us/dotnet/core/tools/) without below IDEs.
 
-* [Visual Studio 2022](https://visualstudio.microsoft.com/vs/)
+* [Visual Studio 2026](https://visualstudio.microsoft.com/downloads/#visual-studio-professional-2026)
+* [Visual Studio 2022](https://visualstudio.microsoft.com/vs/older-downloads/#visual-studio-2022-and-other-products)
 * [Visual Studio 2019](https://visualstudio.microsoft.com/vs/older-downloads/)
 * [Visual Studio Code](https://code.visualstudio.com/)
 
 ## Framework & SDK
 
 One of the the following .NET SDK is required to develop and run the Syncfusion<sup style="font-size:70%">&reg;</sup> UI controls for ASP.NET Core application.
 
+* [.NET 10.0 SDK](https://dotnet.microsoft.com/en-us/download/dotnet/10.0)
 * [.NET 9.0 SDK](https://dotnet.microsoft.com/en-us/download/dotnet/9.0)
 * [.NET 8.0 SDK](https://dotnet.microsoft.com/en-us/download/dotnet/8.0)
 * [.NET Core SDK 3.1](https://dotnet.microsoft.com/en-us/download/dotnet/3.1)
 * [.NET Core SDK 2.0](https://dotnet.microsoft.com/en-us/download/dotnet/2.0)
 
 If you are planning to use Visual Studio to develop ASP.NET Core Applications.
+* .NET 10.0 requires Visual Studio 2026 18.0.0 or later.
 * .NET 9.0 requires Visual Studio 2022 17.12.0 or later.
 * .NET 8.0 requires Visual Studio 2022 17.8.0 or later.
 * .NET Core SDK 3.1 requires Visual Studio 2019 16.4 or later.
-* .NET Core SDK 2.0 requires Visual Studio 2017 15.7 or later.
+* .NET Core SDK 2.0 requires Visual Studio 2017 15.7 or later.
diff --git a/ej2-asp-core-mvc/common/EJ2_ASP.NETCORE/content-security-policy.md b/ej2-asp-core-mvc/common/EJ2_ASP.NETCORE/content-security-policy.md
@@ -8,7 +8,7 @@ publishingplatform: ##Platform_Name##
 documentation: ug
 ---
 
-# Content Security Policy
+# Content Security Policy in ASP.NET Core
 
 Content Security Policy (CSP) is a security feature implemented by web browsers to protect against attacks such as cross-site scripting (XSS) and data injection. It limits the sources from which content can be loaded on a web page. To enable strict Content Security Policy (CSP), certain browser features are disabled by default. To use Syncfusion<sup style="font-size:70%">&reg;</sup> controls with strict CSP mode, it is essential to include the following directives:
 
@@ -29,14 +29,13 @@ using System.Security.Cryptography;
 ...
 app.Use(async (context, next) =>
 {
-    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
     byte[] nonceBytes = new byte[32];
-    rng.GetBytes(nonceBytes);
+    RandomNumberGenerator.Fill(nonceBytes);
     string nonceValue = Convert.ToBase64String(nonceBytes);
-    context.Items.Add("ScriptNonce", nonceValue);
+    context.Items.Add("Nonce", nonceValue);
     context.Response.Headers.Add("Content-Security-Policy", string.Format(
     "script-src 'self' 'nonce-{0}' https://cdn.syncfusion.com;" +
-    "style-src-elem 'self' 'unsafe-inline' https://cdn.syncfusion.com https://fonts.googleapis.com;" +
+    "style-src-elem 'self' 'nonce-{0}' https://cdn.syncfusion.com https://fonts.googleapis.com;" +
     "font-src 'self' data: https://fonts.gstatic.com;" +
     "object-src 'none';", nonceValue));
     await next();
@@ -52,8 +51,10 @@ app.Use(async (context, next) =>
 {% highlight c# tabtitle="~/_Layout.cshtml" %}
 <head>
     ...
+    <!-- Syncfusion ASP.NET Core controls styles -->
+    <link href="https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/bootstrap5.css" nonce="@Context.Items["Nonce"]"  rel="stylesheet" />
     <!-- Syncfusion ASP.NET Core controls scripts -->
-    <script src="https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/dist/ej2.min.js" nonce="@Context.Items["ScriptNonce"]"></script>
+    <script src="https://cdn.syncfusion.com/ej2/{{ site.ej2version }}/dist/ej2.min.js" nonce="@Context.Items["Nonce"]"></script>
 </head>
 {% endhighlight %}
 {% endtabs %}
@@ -65,7 +66,7 @@ app.Use(async (context, next) =>
 <body>
     ...
     <!-- Syncfusion ASP.NET Core Script Manager -->
-    <ejs-scripts add-nonce="@Context.Items["ScriptNonce"]"></ejs-scripts>
+    <ejs-scripts add-nonce="@Context.Items["Nonce"]"></ejs-scripts>
 </body>
 {% endhighlight %}
 {% endtabs %}
