aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/app
diff options
context:
space:
mode:
Diffstat (limited to 'actionview/app')
-rw-r--r--actionview/app/assets/javascripts/README.md4
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/start.coffee2
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee12
3 files changed, 12 insertions, 6 deletions
diff --git a/actionview/app/assets/javascripts/README.md b/actionview/app/assets/javascripts/README.md
index b9682b61e2..aa167004b6 100644
--- a/actionview/app/assets/javascripts/README.md
+++ b/actionview/app/assets/javascripts/README.md
@@ -52,5 +52,5 @@ Run `bundle exec rake ujs:server` first, and then run the web tests by visiting
rails-ujs is released under the [MIT License](MIT-LICENSE).
[data]: https://www.w3.org/TR/html5/dom.html#embedding-custom-non-visible-data-with-the-data-attributes "Embedding custom non-visible data with the data-* attributes"
-[validator]: http://validator.w3.org/
-[csrf]: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
+[validator]: https://validator.w3.org/
+[csrf]: https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
diff --git a/actionview/app/assets/javascripts/rails-ujs/start.coffee b/actionview/app/assets/javascripts/rails-ujs/start.coffee
index 5c1214df59..0347058195 100644
--- a/actionview/app/assets/javascripts/rails-ujs/start.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/start.coffee
@@ -2,6 +2,7 @@
fire, delegate
getData, $
refreshCSRFTokens, CSRFProtection
+ loadCSPNonce
enableElement, disableElement, handleDisabledElement
handleConfirm, preventInsignificantClick
handleRemote, formSubmitButtonClick,
@@ -67,6 +68,7 @@ Rails.start = ->
delegate document, Rails.formInputClickSelector, 'click', formSubmitButtonClick
document.addEventListener('DOMContentLoaded', refreshCSRFTokens)
+ document.addEventListener('DOMContentLoaded', loadCSPNonce)
window._rails_loaded = true
if window.Rails is Rails and fire(document, 'rails:attachBindings')
diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
index 8d2d6ce447..a33f531375 100644
--- a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
@@ -1,4 +1,8 @@
-# Content-Security-Policy nonce for inline scripts
-cspNonce = Rails.cspNonce = ->
- meta = document.querySelector('meta[name=csp-nonce]')
- meta and meta.content
+nonce = null
+
+Rails.loadCSPNonce = ->
+ nonce = document.querySelector("meta[name=csp-nonce]")?.content
+
+# Returns the Content-Security-Policy nonce for inline scripts.
+Rails.cspNonce = ->
+ nonce ? Rails.loadCSPNonce()
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-20 03:03:06 +0000