mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionview/lib/action_view/helpers/csp_helper.rb
yuuji.yaginuma 96937335d1 Allow to pass options to csp_meta_tag
Currently `csp_meta_tag` generates `name` attribute only.
However, libraries like `Material-UI` and `JSS` expect the meta tag
that contains the nonce to have a `property` attribute.

https://material-ui.com/css-in-js/advanced/#how-does-one-implement-csp
https://github.com/cssinjs/jss/blob/master/docs/csp.md

This patch allows `csp_meta_tag` to specify arbitrary options and
allows `nonce` to be passed to those libraries.
2019-02-16 09:36:37 +09:00

26 lines
679 B
Ruby

# frozen_string_literal: true

module ActionView
  # = Action View CSP Helper
  module Helpers #:nodoc:
    module CspHelper
      # Returns a meta tag "csp-nonce" with the per-session nonce value
      # for allowing inline <script> tags.
      #
      #   <head>
      #     <%= csp_meta_tag %>
      #   </head>
      #
      # This is used by the Rails UJS helper to create dynamically
      # loaded inline <script> elements.
      #
      def csp_meta_tag(**options)
        if content_security_policy?
          options[:name] = "csp-nonce"
          options[:content] = content_security_policy_nonce
          tag("meta", options)
        end
      end
    end
  end
end
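
How the helper above treats caller-supplied options, shown as an added example that is not part of the Rails source. `FakeView`, its stubbed `content_security_policy?`, `content_security_policy_nonce` and `tag` methods, and the sample nonce are assumptions made so the snippet runs without Rails; only the body of `csp_meta_tag` is taken from this page.

```ruby
require "cgi"

# Constructed stand-in for a Rails view context (assumption, not Rails code).
class FakeView
  def initialize(nonce)
    @nonce = nonce
  end

  # Stub: true when a policy (and therefore a nonce) exists for the request.
  def content_security_policy?
    !@nonce.nil?
  end

  # Stub: Rails derives this from the configured nonce generator.
  def content_security_policy_nonce
    @nonce
  end

  # Simplified tag builder: escapes attribute values, renders a void element.
  def tag(name, options)
    attrs = options.map { |k, v| %(#{k}="#{CGI.escapeHTML(v.to_s)}") }.join(" ")
    "<#{name} #{attrs} />"
  end

  # Same body as the helper on this page.
  def csp_meta_tag(**options)
    if content_security_policy?
      options[:name] = "csp-nonce"
      options[:content] = content_security_policy_nonce
      tag("meta", options)
    end
  end
end

NONCE = "r4nd0mN0nce==" # constructed sample value
view = FakeView.new(NONCE)

# No options: only the helper-owned attributes are emitted.
DEFAULT_TAG = view.csp_meta_tag
# Extra attribute for libraries that look the nonce up by `property`.
PROPERTY_TAG = view.csp_meta_tag(property: "csp-nonce")
# :name and :content are assigned after the caller's options are collected,
# so caller-supplied values for those two keys never reach the output.
OVERRIDE_TAG = view.csp_meta_tag(name: "other", content: "caller-supplied")
# Without a policy the helper returns nil and nothing is rendered.
NO_POLICY_TAG = FakeView.new(nil).csp_meta_tag

puts DEFAULT_TAG, PROPERTY_TAG, OVERRIDE_TAG, NO_POLICY_TAG.inspect
```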