author | Andrew White <pixeltrix@users.noreply.github.com> | 2018-04-19 08:24:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-19 08:24:21 +0100 |
commit | fb2af6f849c8d25732f2c17352c59f2dc8b8320d (patch) | |
tree | 9ea30543b6b2f68f15d9c0b711054ee035a4b8fe /actionview | |
parent | 7d25b651fa9011b040fab2f19fb315679519edb2 (diff) | |
parent | ef2af628a9ec1cc4e7b6997a021dd3f85cfe4665 (diff) | |
Merge branch 'master' into fix-as-timezone-all
Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/CHANGELOG.md | 6 | ||||
-rw-r--r-- | actionview/lib/action_view/digestor.rb | 9 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/asset_tag_helper.rb | 8 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/translation_helper.rb | 6 | ||||
-rw-r--r-- | actionview/test/template/asset_tag_helper_test.rb | 8 |
5 files changed, 34 insertions, 3 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 6bb1efb0ac..d833f9cd98 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,9 @@
+* Add the `nonce: true` option for `javascript_include_tag` helper to
+ support automatic nonce generation for Content Security Policy.
+ Works the same way as `javascript_tag nonce: true` does.
+
+ *Yaroslav Markin*
+
 * Remove `ActionView::Helpers::RecordTagHelper`.
 *Yoshiyuki Hirano*
diff --git a/actionview/lib/action_view/digestor.rb b/actionview/lib/action_view/digestor.rb
index 45cf48b3e0..3832293251 100644
--- a/actionview/lib/action_view/digestor.rb
+++ b/actionview/lib/action_view/digestor.rb
@@ -71,11 +71,16 @@ module ActionView
 private
 def find_template(finder, *args)
+ name = args.first
+ prefixes = args[1] || []
+ partial = args[2] || false
+ keys = args[3] || []
+ options = args[4] || {}
 finder.disable_cache do
 if format = finder.rendered_format
- finder.find_all(*args, formats: [format]).first || finder.find_all(*args).first
+ finder.find_all(name, prefixes, partial, keys, options.merge(formats: [format])).first || finder.find_all(name, prefixes, partial, keys, options).first
 else
- finder.find_all(*args).first
+ finder.find_all(name, prefixes, partial, keys, options).first
 end
 end
 end
diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb
index 06fa1875fc..257080d902 100644
--- a/actionview/lib/action_view/helpers/asset_tag_helper.rb
+++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb
@@ -55,6 +57,8 @@ module ActionView
 # that path.
 # * <tt>:skip_pipeline</tt> - This option is used to bypass the asset pipeline
 # when it is set to true.
+ # * <tt>:nonce<tt> - When set to true, adds an automatic nonce value if
+ # you have Content Security Policy enabled.
 #
 # ==== Examples
 #
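Review bot: `find_template` in digestor.rb still declares `*args`, but the new body reads exactly five positions (`args.first` through `args[4]`), so the accepted arguments are documented nowhere and anything past the fifth is now dropped silently instead of being forwarded. Naming them in the signature would make the contract visible and let Ruby reject a wrong arity: `def find_template(finder, name, prefixes = [], partial = false, keys = [], options = {})`. If the splat has to stay, a short comment above the five assignments listing the expected order would do.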
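Review bot: The new option entry in the asset_tag_helper.rb doc comment opens `<tt>` twice, `<tt>:nonce<tt>`, so the RDoc markup is never closed; the line should read `# * <tt>:nonce</tt> - When set to true, adds an automatic nonce value if`. The entry could also say what is emitted when no Content Security Policy nonce is configured, since the hunk does not show that case.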
@@ -79,6 +81,9 @@ module ActionView
 #
 # javascript_include_tag "http://www.example.com/xmlhr.js"
 # # => <script src="http://www.example.com/xmlhr.js"></script>
+ #
+ # javascript_include_tag "http://www.example.com/xmlhr.js", nonce: true
+ # # => <script src="http://www.example.com/xmlhr.js" nonce="..."></script>
 def javascript_include_tag(*sources)
 options = sources.extract_options!.stringify_keys
 path_options = options.extract!("protocol", "extname", "host", "skip_pipeline").symbolize_keys
@@ -90,6 +95,9 @@ module ActionView
 tag_options = {
 "src" => href
 }.merge!(options)
+ if tag_options["nonce"] == true
+ tag_options["nonce"] = content_security_policy_nonce
+ end
 content_tag("script".freeze, "", tag_options)
 }.join("\n").html_safe
diff --git a/actionview/lib/action_view/helpers/translation_helper.rb b/actionview/lib/action_view/helpers/translation_helper.rb
index 80cb73d683..db44fdbfee 100644
--- a/actionview/lib/action_view/helpers/translation_helper.rb
+++ b/actionview/lib/action_view/helpers/translation_helper.rb
@@ -60,7 +60,11 @@ module ActionView
 def translate(key, options = {})
 options = options.dup
 has_default = options.has_key?(:default)
- remaining_defaults = Array(options.delete(:default)).compact
+ if has_default
+ remaining_defaults = Array(options.delete(:default)).compact
+ else
+ remaining_defaults = []
+ end
 if has_default && !remaining_defaults.first.kind_of?(Symbol)
 options[:default] = remaining_defaults
diff --git a/actionview/test/template/asset_tag_helper_test.rb b/actionview/test/template/asset_tag_helper_test.rb
index 6d98eacfb8..e68f03d1f4 100644
--- a/actionview/test/template/asset_tag_helper_test.rb
+++ b/actionview/test/template/asset_tag_helper_test.rb
@@ -29,6 +29,10 @@ class AssetTagHelperTest < ActionView::TestCase
 "http://www.example.com"
 end
+ def content_security_policy_nonce
+ "iyhD0Yc0W+c="
+ end
+
 AssetPathToTag = {
 %(asset_path("")) => %(),
 %(asset_path(" ")) => %(),
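Review bot: The added doc example for `javascript_include_tag` attaches the nonce to a script on another host fetched over plain `http://`, which is a poor model to copy. A nonce authorises the tagged script under the page's policy independently of the `script-src` host list, so the docs should say the option is meant for fixed sources the application trusts, not for a URL assembled from request data. A line after the example such as `# Only pass nonce: true for trusted, fixed sources; the nonce exempts the script from host allow-listing.` would cover it, and switching the example URL to `https://` would help too.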
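Review bot: Only the literal `true` is handled by the added `if tag_options["nonce"] == true` branch; any other value, including `nonce: false`, is passed on to `content_tag` as given. Depending on how `content_tag` renders a `false` attribute value (not visible here), that may emit `nonce="false"`, so dropping a falsy key first is safer: `tag_options.delete("nonce") unless tag_options["nonce"]`. It is also worth confirming that a nil return from `content_security_policy_nonce` (no nonce generator configured) produces no attribute rather than an empty one. The enclosing block of `javascript_include_tag` starts and ends outside this hunk.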
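Review bot: The new five-line `if`/`else` in `translate` assigns the same variable in both branches; the expression form keeps a single assignment: `remaining_defaults = has_default ? Array(options.delete(:default)).compact : []`. Because the result for a missing `:default` key looks the same as before, a one-line comment saying the branch exists to skip the `delete`/`Array`/`compact` calls (presumably a performance change) would keep it from being simplified away later. `translate` continues past the end of the hunk.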
@@ -421,6 +425,10 @@ class AssetTagHelperTest < ActionView::TestCase
 assert_dom_equal %(<script src="//assets.example.com/javascripts/prototype.js"></script>), javascript_include_tag("prototype")
 end
+ def test_javascript_include_tag_nonce
+ assert_dom_equal %(<script src="/javascripts/bank.js" nonce="iyhD0Yc0W+c="></script>), javascript_include_tag("bank", nonce: true)
+ end
+
 def test_stylesheet_path
 StylePathToTag.each { |method, tag| assert_dom_equal(tag, eval(method)) }
 end |
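Review bot: `test_javascript_include_tag_nonce` covers only one source with `nonce: true`, and the nonce comes from a stub defined in the test class, so the real provider of `content_security_policy_nonce` is never exercised. The helper maps over several sources and passes other option values straight through, so cases for two sources (each tag carrying the nonce), for an explicit string nonce and for `nonce: false` would pin the behaviour. For the last one, `assert_dom_equal %(<script src="/javascripts/bank.js"></script>), javascript_include_tag("bank", nonce: false)` states the expectation if a false value is meant to omit the attribute.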