We've been implementing Content Security Policy using NWebsec & Asp.Net MVC5 and have it mostly working .
However, we haven't been able to configure to allow access to "manifest.json" file. There doesn't appear to be a way to set the "manifest-src" setting.
Does anyone know a way to do this?
The manifest-src directive is currently not supported in NWebsec, but it's scheduled for the next version: https://github.com/NWebsec/NWebsec/issues/91
In lack of the manifest-src directive , the default-src directive will limit where manifests can be loaded from. See https://www.w3.org/TR/CSP3/#directive-default-src