Merge pull request #32607 from yaroslav/feature/nonce-for-javascript_include_tag

Add the `nonce: true` option for `javascript_include_tag` helper.
author: Andrew White <pixeltrix@users.noreply.github.com> 2018-04-18 18:49:27 +0100
committer: GitHub <noreply@github.com> 2018-04-18 18:49:27 +0100
commit: 185fce159721b331cc9a0ae17b662373ee0fc95f (patch)
tree: aa5c6d50a33ad5681e1703fe0cffcf74927f9f12 /guides
parent: 7bcb04c73decc9fa0448cf75caeee6740942ad29 (diff)
parent: 47013a7126a92e1f2890b68e0fd2e7ba1b77c97c (diff)
download: rails-185fce159721b331cc9a0ae17b662373ee0fc95f.tar.gz
rails-185fce159721b331cc9a0ae17b662373ee0fc95f.tar.bz2
rails-185fce159721b331cc9a0ae17b662373ee0fc95f.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index a21526d895..3ac50fb147 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1182,6 +1182,12 @@ as part of `html_options`. Example:
 <% end -%>
 ```
 
+The same works with `javascript_include_tag`:
+
+```html+erb
+<%= javascript_include_tag "script", nonce: true %>
+```
+
 Use [`csp_meta_tag`](http://api.rubyonrails.org/classes/ActionView/Helpers/CspHelper.html#method-i-csp_meta_tag)
 helper to create a meta tag "csp-nonce" with the per-session nonce value
 for allowing inline `<script>` tags.
author	Andrew White <pixeltrix@users.noreply.github.com>	2018-04-18 18:49:27 +0100
committer	GitHub <noreply@github.com>	2018-04-18 18:49:27 +0100
commit	185fce159721b331cc9a0ae17b662373ee0fc95f (patch)
tree	aa5c6d50a33ad5681e1703fe0cffcf74927f9f12 /guides
parent	7bcb04c73decc9fa0448cf75caeee6740942ad29 (diff)
parent	47013a7126a92e1f2890b68e0fd2e7ba1b77c97c (diff)
download	rails-185fce159721b331cc9a0ae17b662373ee0fc95f.tar.gz rails-185fce159721b331cc9a0ae17b662373ee0fc95f.tar.bz2 rails-185fce159721b331cc9a0ae17b662373ee0fc95f.zip