aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
diff options
context:
space:
mode:
authoryuuji.yaginuma <yuuji.yaginuma@gmail.com>2018-04-17 15:00:57 +0900
committerYuji Yaginuma <yuuji.yaginuma@gmail.com>2018-04-20 15:41:56 +0900
commit1694b02909850c9d8f47fb644e98e1203d9f2898 (patch)
tree74a5e12f45d62f50dedab2e7e91a553da6802515 /actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
parentb8cd9302fe01dcaf4d36cc28cdfb7b9d7db832d8 (diff)
downloadrails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.gz
rails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.bz2
rails-1694b02909850c9d8f47fb644e98e1203d9f2898.zip
Make JS views rendered work with content security policy
As of now, `HTMLElement.nonce` seems to work only in Chrome. So, it should not be used now. https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/nonce#Browser_compatibility Fixes #32577.
Diffstat (limited to 'actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee')
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee2
1 files changed, 1 insertions, 1 deletions
diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
index cf31c796df..019bda635a 100644
--- a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
@@ -66,7 +66,7 @@ processResponse = (response, type) ->
try response = JSON.parse(response)
else if type.match(/\b(?:java|ecma)script\b/)
script = document.createElement('script')
- script.nonce = cspNonce()
+ script.setAttribute('nonce', cspNonce())
script.text = response
document.head.appendChild(script).parentNode.removeChild(script)
else if type.match(/\bxml\b/)