hardcode transformations in the build tool

Author: aaronshim

packages/angular/build/src/tools/esbuild/index-html-generator.ts

@@ -94,6 +94,7 @@ export async function generateIndexHtml(
       buildOptions.prerenderOptions ||
       buildOptions.appShellOptions
     ),
+    autoCsp: true,
   });
 
   indexHtmlGenerator.readAsset = readAsset;

packages/angular/build/src/utils/index-file/index-html-generator.ts

@@ -16,6 +16,7 @@ import { InlineCriticalCssProcessor } from './inline-critical-css';
 import { InlineFontsProcessor } from './inline-fonts';
 import { addNgcmAttribute } from './ngcm-attribute';
 import { addNonce } from './nonce';
+import { autoCsp } from './auto-csp';
 
 type IndexHtmlGeneratorPlugin = (
   html: string,
@@ -43,6 +44,7 @@ export interface IndexHtmlGeneratorOptions {
   cache?: NormalizedCachedOptions;
   imageDomains?: string[];
   generateDedicatedSSRContent?: boolean;
+  autoCsp?: boolean;
 }
 
 export type IndexHtmlTransform = (content: string) => Promise<string>;
@@ -86,6 +88,11 @@ export class IndexHtmlGenerator {
       this.csrPlugins.push(addNgcmAttributePlugin());
       this.ssrPlugins.push(addEventDispatchContractPlugin(), addNoncePlugin());
     }
+
+    // Auto-CSP (as the last step)
+    if (options.autoCsp) {
+      this.csrPlugins.push(autoCspPlugin());
+    }
   }
 
   async process(options: IndexHtmlGeneratorProcessOptions): Promise<IndexHtmlProcessResult> {
@@ -198,6 +205,10 @@ function addNoncePlugin(): IndexHtmlGeneratorPlugin {
   return (html) => addNonce(html);
 }
 
+function autoCspPlugin(): IndexHtmlGeneratorPlugin {
+  return (html) => autoCsp(html);
+}
+
 function postTransformPlugin({ options }: IndexHtmlGenerator): IndexHtmlGeneratorPlugin {
   return async (html) => (options.postTransform ? options.postTransform(html) : html);
 }