New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSP render js partial and best practice query? #152
Comments
I'm assuming you're using something like: $.ajax({
url: 'somewhere',
type: 'POST',
dataType: 'script'
});
From http://api.jquery.com/jquery.ajax/ I'd suggest not using |
Hello @oreoshake I'm in same situation, here is my js template and here is the call. So a person is shown to admin and he can select an academic group to move the person to. When the person group is changed, I want the js.erb to be rendered, so the admin can see new person's group immediately. What do you suggest me to do? |
I suggest you make the ajax call return the necessary data ( |
thank you, than other case I will move into React component (since the lib is already in the project). What do you think? |
makes sense to me |
How can I allow render js partial like in the code below, safely? test.rb
list.js.rb
Thank you. |
Hi
firstly, thanks for the great gem!
I have a quick query on setting the right CSP config for script_src in a rails application?
I have a remote UJS action which has a corresponding '.js.erb' template which runs some javascript when rendered. However, CSP blocks it from working unless I have 'eval' set inside script_src which is not secure.
Are there any recommendations to resolve this?
thanks
The text was updated successfully, but these errors were encountered: