Make JS views rendered work with content security policy

As of now, `HTMLElement.nonce` seems to work only in Chrome. So, it should not be used now. https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/nonce#Browser_compatibility Fixes #32577.
author: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2018-04-17 15:00:57 +0900
committer: Yuji Yaginuma <yuuji.yaginuma@gmail.com> 2018-04-20 15:41:56 +0900
commit: 1694b02909850c9d8f47fb644e98e1203d9f2898 (patch)
tree: 74a5e12f45d62f50dedab2e7e91a553da6802515 /actionview/app
parent: b8cd9302fe01dcaf4d36cc28cdfb7b9d7db832d8 (diff)
download: rails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.gz
rails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.bz2
rails-1694b02909850c9d8f47fb644e98e1203d9f2898.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
index cf31c796df..019bda635a 100644
--- a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
@@ -66,7 +66,7 @@ processResponse = (response, type) ->
       try response = JSON.parse(response)
     else if type.match(/\b(?:java|ecma)script\b/)
       script = document.createElement('script')
-      script.nonce = cspNonce()
+      script.setAttribute('nonce', cspNonce())
       script.text = response
       document.head.appendChild(script).parentNode.removeChild(script)
     else if type.match(/\bxml\b/)
author	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2018-04-17 15:00:57 +0900
committer	Yuji Yaginuma <yuuji.yaginuma@gmail.com>	2018-04-20 15:41:56 +0900
commit	1694b02909850c9d8f47fb644e98e1203d9f2898 (patch)
tree	74a5e12f45d62f50dedab2e7e91a553da6802515 /actionview/app
parent	b8cd9302fe01dcaf4d36cc28cdfb7b9d7db832d8 (diff)
download	rails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.gz rails-1694b02909850c9d8f47fb644e98e1203d9f2898.tar.bz2 rails-1694b02909850c9d8f47fb644e98e1203d9f2898.zip