aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--actionview/CHANGELOG.md7
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee2
2 files changed, 8 insertions, 1 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index d833f9cd98..2c1ca12043 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,10 @@
+* Fix JavaScript views rendering does not work with Firefox when using
+ Content Security Policy.
+
+ Fixes #32577.
+
+ *Yuji Yaginuma*
+
* Add the `nonce: true` option for `javascript_include_tag` helper to
support automatic nonce generation for Content Security Policy.
Works the same way as `javascript_tag nonce: true` does.
diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
index cf31c796df..019bda635a 100644
--- a/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/utils/ajax.coffee
@@ -66,7 +66,7 @@ processResponse = (response, type) ->
try response = JSON.parse(response)
else if type.match(/\b(?:java|ecma)script\b/)
script = document.createElement('script')
- script.nonce = cspNonce()
+ script.setAttribute('nonce', cspNonce())
script.text = response
document.head.appendChild(script).parentNode.removeChild(script)
else if type.match(/\bxml\b/)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 21:43:37 +0000