New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the `nonce: true` option for `javascript_include_tag` helper. #32607

Merged
merged 1 commit into from Apr 18, 2018

Conversation

Projects
None yet
4 participants
@yaroslav
Contributor

yaroslav commented Apr 17, 2018

Summary

Add the nonce: true option for javascript_include_tag helper to support automatic nonce generation for Content Security Policy. Works the same way as previously introduced javascript_tag nonce: true does.

This way, one does not have to do ..., nonce: content_security_policy_nonce everywhere in templates to do nonce-based script-src CSP.

@rails-bot

This comment has been minimized.

rails-bot commented Apr 17, 2018

r? @schneems

(@rails-bot has picked a reviewer for you, use r? to override)

@yaroslav

This comment has been minimized.

Contributor

yaroslav commented Apr 17, 2018

@rails-bot rails-bot assigned pixeltrix and unassigned schneems Apr 17, 2018

@pixeltrix pixeltrix merged commit 185fce1 into rails:master Apr 18, 2018

2 checks passed

codeclimate All good!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@pixeltrix

This comment has been minimized.

Member

pixeltrix commented Apr 18, 2018

@yaroslav thanks! 👍

pixeltrix added a commit that referenced this pull request Apr 18, 2018

Merge pull request #32607 from yaroslav/feature/nonce-for-javascript_…
…include_tag

Add the `nonce: true` option for `javascript_include_tag` helper.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment