Module: ActionView::Helpers::CspHelper

Included in:
ActionView::Helpers
Defined in:
actionview/lib/action_view/helpers/csp_helper.rb

Instance Method Summary collapse

Instance Method Details

#csp_meta_tag(**options) ⇒ Object

Action View CSP Helpers

Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

<head>
  <%= csp_meta_tag %>
</head>

This is used by the Rails UJS helper to create dynamically loaded inline <script> elements.



18
19
20
21
22
23
24
# File 'actionview/lib/action_view/helpers/csp_helper.rb', line 18

def csp_meta_tag(**options)
  if content_security_policy?
    options[:name] = "csp-nonce"
    options[:content] = content_security_policy_nonce
    tag("meta", options)
  end
end