Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the nonce: true option for stylesheet_link_tag helper #50591

Merged
merged 1 commit into from
Jan 5, 2024
Merged

Add the nonce: true option for stylesheet_link_tag helper #50591

merged 1 commit into from
Jan 5, 2024

Conversation

akhilgkrishnan
Copy link
Member

@akhilgkrishnan akhilgkrishnan commented Jan 5, 2024
edited

Motivation / Background

#46141 added the style-src to the default nonce_directives. The javascript_tag and 'javascript_include_tagacceptsnonce: true` option to generate nonce automatically for CSP.

Detail

Add the nonce: true option for stylesheet_link_tag helper to support automatic nonce generation for Content Security Policy. Works the same way as previously introduced javascript_include_tag nonce: true does.

@ajesler Adding you as a co-author since you were worked on this feature previously.

Checklist

Before submitting the PR make sure the following are checked:

  • This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs.
  • Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
  • Tests are added or updated if you fix a bug or add a feature.
  • CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

@akhilgkrishnan akhilgkrishnan force-pushed the add-nonce-stylesheet-link-tag branch 2 times, most recently from 92c5cca to 65f131a Compare January 5, 2024 07:22
@akhilgkrishnan @ajesler
Add the nonce: true option for stylesheet_link_tag helper
7fa6d15 
This provides a shortcut for setting a Content Security Policy nonce on
a stylesheet_link_tag.

Co-authored-by: AJ Esler <ajesler@users.noreply.github.com>
@rafaelfranca rafaelfranca merged commit 8c4af05 into rails:main Jan 5, 2024
4 checks passed
@akhilgkrishnan akhilgkrishnan deleted the add-nonce-stylesheet-link-tag branch January 5, 2024 16:04
This was referenced Jan 6, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
actionview docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@akhilgkrishnan @rafaelfranca