mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
George Claghorn ceeef26fd4
Read the CSP nonce on page load
Turbolinks replaces the CSP nonce <meta> tag on page change, but inline scripts inserted by UJS need the nonce from the initial page load. In general, it doesn't matter to UJS if the nonce changes after the page loads: only the initial value is relevant.
2019-03-08 15:25:24 -05:00

8 lines
220 B
CoffeeScript

nonce = null

Rails.loadCSPNonce = ->
  nonce = document.querySelector("meta[name=csp-nonce]")?.content

# Returns the Content-Security-Policy nonce for inline scripts.
Rails.cspNonce = ->
  nonce ? Rails.loadCSPNonce()
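
The situation the commit message describes, modelled as an added JavaScript example that is not part of the Rails source: a nonce cached at page load still matches the document's policy after the `<meta>` tag is swapped, while a fresh read of the tag does not. The fake document, `turbolinksVisit`, `allowsInlineScript`, the reader helpers and the nonce values are all constructed for illustration, and the policy check is a simplification of what a browser does.

```javascript
// Constructed model, not a browser: the policy nonce is fixed by the initial
// response, while the <meta name="csp-nonce"> tag can be replaced later.
function makePage(initialNonce) {
  return {
    policyNonce: initialNonce, // assumed: set once by the initial CSP header
    meta: { name: "csp-nonce", content: initialNonce },
    querySelector(sel) {
      return sel === "meta[name=csp-nonce]" ? this.meta : null;
    },
    // Hypothetical stand-in for a Turbolinks visit: the tag is replaced,
    // but the document and its policy are not reloaded.
    turbolinksVisit(newNonce) {
      this.meta = { name: "csp-nonce", content: newNonce };
    },
    // Simplified CSP decision for an inline <script nonce="...">.
    allowsInlineScript(scriptNonce) {
      return typeof scriptNonce === "string" && scriptNonce === this.policyNonce;
    },
  };
}

// JavaScript port of the CoffeeScript above: read once, then reuse.
function makeCachedReader(doc) {
  let nonce = null;
  const load = () => {
    const meta = doc.querySelector("meta[name=csp-nonce]");
    return (nonce = meta ? meta.content : undefined);
  };
  return { load, get: () => (nonce != null ? nonce : load()) };
}

// For contrast (hypothetical helper): query the meta tag on every call.
function makeLiveReader(doc) {
  const read = () => doc.querySelector("meta[name=csp-nonce]");
  return { get: () => (read() ? read().content : undefined) };
}

function demo() {
  const doc = makePage("nonce-A"); // constructed sample values
  const cached = makeCachedReader(doc);
  const live = makeLiveReader(doc);
  cached.load();                   // initial page load
  doc.turbolinksVisit("nonce-B");  // page change swaps the meta tag
  return {
    cachedNonce: cached.get(), cachedAllowed: doc.allowsInlineScript(cached.get()),
    liveNonce: live.get(), liveAllowed: doc.allowsInlineScript(live.get()),
  };
}

console.log(demo());
```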