Merge branch 'master' into fix-as-timezone-all

author: Andrew White <pixeltrix@users.noreply.github.com> 2018-04-19 08:24:21 +0100
committer: GitHub <noreply@github.com> 2018-04-19 08:24:21 +0100
commit: fb2af6f849c8d25732f2c17352c59f2dc8b8320d (patch)
tree: 9ea30543b6b2f68f15d9c0b711054ee035a4b8fe /guides/source/security.md
parent: 7d25b651fa9011b040fab2f19fb315679519edb2 (diff)
parent: ef2af628a9ec1cc4e7b6997a021dd3f85cfe4665 (diff)
download: rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.tar.gz
rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.tar.bz2
rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index a21526d895..3ac50fb147 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1182,6 +1182,12 @@ as part of `html_options`. Example:
 <% end -%>
 ```
 
+The same works with `javascript_include_tag`:
+
+```html+erb
+<%= javascript_include_tag "script", nonce: true %>
+```
+
 Use [`csp_meta_tag`](http://api.rubyonrails.org/classes/ActionView/Helpers/CspHelper.html#method-i-csp_meta_tag)
 helper to create a meta tag "csp-nonce" with the per-session nonce value
 for allowing inline `<script>` tags.
author	Andrew White <pixeltrix@users.noreply.github.com>	2018-04-19 08:24:21 +0100
committer	GitHub <noreply@github.com>	2018-04-19 08:24:21 +0100
commit	fb2af6f849c8d25732f2c17352c59f2dc8b8320d (patch)
tree	9ea30543b6b2f68f15d9c0b711054ee035a4b8fe /guides/source/security.md
parent	7d25b651fa9011b040fab2f19fb315679519edb2 (diff)
parent	ef2af628a9ec1cc4e7b6997a021dd3f85cfe4665 (diff)
download	rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.tar.gz rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.tar.bz2 rails-fb2af6f849c8d25732f2c17352c59f2dc8b8320d.zip