aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/app
diff options
context:
space:
mode:
Diffstat (limited to 'actionview/app')
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/start.coffee2
-rw-r--r--actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee12
2 files changed, 10 insertions, 4 deletions
diff --git a/actionview/app/assets/javascripts/rails-ujs/start.coffee b/actionview/app/assets/javascripts/rails-ujs/start.coffee
index 5c1214df59..0347058195 100644
--- a/actionview/app/assets/javascripts/rails-ujs/start.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/start.coffee
@@ -2,6 +2,7 @@
fire, delegate
getData, $
refreshCSRFTokens, CSRFProtection
+ loadCSPNonce
enableElement, disableElement, handleDisabledElement
handleConfirm, preventInsignificantClick
handleRemote, formSubmitButtonClick,
@@ -67,6 +68,7 @@ Rails.start = ->
delegate document, Rails.formInputClickSelector, 'click', formSubmitButtonClick
document.addEventListener('DOMContentLoaded', refreshCSRFTokens)
+ document.addEventListener('DOMContentLoaded', loadCSPNonce)
window._rails_loaded = true
if window.Rails is Rails and fire(document, 'rails:attachBindings')
diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
index 8d2d6ce447..a33f531375 100644
--- a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
+++ b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee
@@ -1,4 +1,8 @@
-# Content-Security-Policy nonce for inline scripts
-cspNonce = Rails.cspNonce = ->
- meta = document.querySelector('meta[name=csp-nonce]')
- meta and meta.content
+nonce = null
+
+Rails.loadCSPNonce = ->
+ nonce = document.querySelector("meta[name=csp-nonce]")?.content
+
+# Returns the Content-Security-Policy nonce for inline scripts.
+Rails.cspNonce = ->
+ nonce ? Rails.loadCSPNonce()
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 18:44:57 +0000