Add the ability to set the CSP nonce only to the specified directives

I changed to set CSP nonce to `style-src` directive in #32932. But this causes an issue when `unsafe-inline` is specified to `style-src` (If a nonce is present, a nonce takes precedence over `unsafe-inline`). So, I fixed to nonce directives configurable. By configure this, users can make CSP as before. Fixes #35137.
author: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2019-02-03 11:33:44 +0900
committer: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2019-06-22 12:44:37 +0900
commit: 09d55b302266cf002a4b307f8d37a105d2838a18 (patch)
tree: a85cf250ab0171a780f34dd1c0edae56bea20e6d /actionpack/CHANGELOG.md
parent: a2a515d9de4ef0ddf4d78b05fcb0b838d2e1b5e3 (diff)
download: rails-09d55b302266cf002a4b307f8d37a105d2838a18.tar.gz
rails-09d55b302266cf002a4b307f8d37a105d2838a18.tar.bz2
rails-09d55b302266cf002a4b307f8d37a105d2838a18.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 55592585ea..0dd170fd28 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Add the ability to set the CSP nonce only to the specified directives.
+
+    Fixes #35137.
+
+    *Yuji Yaginuma*
+
 *   Keep part when scope option has value.
 
     When a route was defined within an optional scope, if that route didn't
author	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2019-02-03 11:33:44 +0900
committer	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2019-06-22 12:44:37 +0900
commit	09d55b302266cf002a4b307f8d37a105d2838a18 (patch)
tree	a85cf250ab0171a780f34dd1c0edae56bea20e6d /actionpack/CHANGELOG.md
parent	a2a515d9de4ef0ddf4d78b05fcb0b838d2e1b5e3 (diff)
download	rails-09d55b302266cf002a4b307f8d37a105d2838a18.tar.gz rails-09d55b302266cf002a4b307f8d37a105d2838a18.tar.bz2 rails-09d55b302266cf002a4b307f8d37a105d2838a18.zip