Diffstat (limited to 'actionview')
7 files changed, 16 insertions, 10 deletions
diff --git a/actionview/README.rdoc b/actionview/README.rdoc index 03a0723564..a9399752a1 100644 --- a/actionview/README.rdoc +++ b/actionview/README.rdoc @@ -27,7 +27,7 @@ Action View is released under the MIT license: API documentation is at -* http://api.rubyonrails.org +* https://api.rubyonrails.org Bug reports for the Ruby on Rails project can be filed here: diff --git a/actionview/app/assets/javascripts/README.md b/actionview/app/assets/javascripts/README.md index b9682b61e2..aa167004b6 100644 --- a/actionview/app/assets/javascripts/README.md +++ b/actionview/app/assets/javascripts/README.md @@ -52,5 +52,5 @@ Run `bundle exec rake ujs:server` first, and then run the web tests by visiting rails-ujs is released under the [MIT License](MIT-LICENSE). [data]: https://www.w3.org/TR/html5/dom.html#embedding-custom-non-visible-data-with-the-data-attributes "Embedding custom non-visible data with the data-* attributes" -[validator]: http://validator.w3.org/ -[csrf]: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html +[validator]: https://validator.w3.org/ +[csrf]: https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html diff --git a/actionview/app/assets/javascripts/rails-ujs/start.coffee b/actionview/app/assets/javascripts/rails-ujs/start.coffee index 5c1214df59..0347058195 100644 --- a/actionview/app/assets/javascripts/rails-ujs/start.coffee +++ b/actionview/app/assets/javascripts/rails-ujs/start.coffee @@ -2,6 +2,7 @@ fire, delegate getData, $ refreshCSRFTokens, CSRFProtection + loadCSPNonce enableElement, disableElement, handleDisabledElement handleConfirm, preventInsignificantClick handleRemote, formSubmitButtonClick, 
@@ -67,6 +68,7 @@ Rails.start = -> delegate document, Rails.formInputClickSelector, 'click', formSubmitButtonClick document.addEventListener('DOMContentLoaded', refreshCSRFTokens) + document.addEventListener('DOMContentLoaded', loadCSPNonce) window._rails_loaded = true if window.Rails is Rails and fire(document, 'rails:attachBindings') diff --git a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee index 8d2d6ce447..a33f531375 100644 --- a/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee +++ b/actionview/app/assets/javascripts/rails-ujs/utils/csp.coffee @@ -1,4 +1,8 @@ -# Content-Security-Policy nonce for inline scripts -cspNonce = Rails.cspNonce = -> - meta = document.querySelector('meta[name=csp-nonce]') - meta and meta.content +nonce = null + +Rails.loadCSPNonce = -> + nonce = document.querySelector("meta[name=csp-nonce]")?.content + +# Returns the Content-Security-Policy nonce for inline scripts. +Rails.cspNonce = -> + nonce ? Rails.loadCSPNonce() diff --git a/actionview/lib/action_view/helpers/output_safety_helper.rb b/actionview/lib/action_view/helpers/output_safety_helper.rb index 279cde5e76..52a951b2ca 100644 --- a/actionview/lib/action_view/helpers/output_safety_helper.rb +++ b/actionview/lib/action_view/helpers/output_safety_helper.rb @@ -38,7 +38,7 @@ module ActionView #:nodoc: # Converts the array to a comma-separated sentence where the last element is # joined by the connector word. This is the html_safe-aware version of - # ActiveSupport's {Array#to_sentence}[http://api.rubyonrails.org/classes/Array.html#method-i-to_sentence]. + # ActiveSupport's {Array#to_sentence}[https://api.rubyonrails.org/classes/Array.html#method-i-to_sentence]. # def to_sentence(array, options = {}) options.assert_valid_keys(:words_connector, :two_words_connector, :last_word_connector, :locale) 
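Review bot: The `DOMContentLoaded` listener added in `Rails.start` fills the nonce cache only when `Rails.start` runs before that event fires. If the script is evaluated later, the first `Rails.cspNonce()` call does the read instead, through the `nonce ? Rails.loadCSPNonce()` fallback in csp.coffee, so the cached value is whatever the meta tag holds at that later moment. A one-line comment on the new listener would record that the two paths can observe different DOM states, e.g. `# Cache the CSP nonce at page load; Rails.cspNonce() reads it lazily if this listener never runs`. `Rails.start` begins and ends outside the hunk.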
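Review bot: The module-level `nonce` in csp.coffee is captured once and `Rails.cspNonce()` does not re-read the meta tag afterwards, but neither that behaviour nor the reason for it is documented. The only comment still reads "Returns the Content-Security-Policy nonce for inline scripts". I would add above `Rails.loadCSPNonce` something like `# Caches the nonce from meta[name=csp-nonce]; later changes to the tag are ignored until this is called again.`, and state whether the cached value is meant to stay tied to the policy the page was originally served with. That intent matters because `Rails.loadCSPNonce` is public and overwrites the cache from whatever tag is in the DOM at call time, so a caller that runs it after replacing `<head>` content changes the nonce attached to later inline scripts. None of the seven files in the actionview diffstat is a test, so the caching appears to be unverified in this change.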
diff --git a/actionview/lib/action_view/helpers/translation_helper.rb b/actionview/lib/action_view/helpers/translation_helper.rb index 8289c806ee..d5b0a9263f 100644 --- a/actionview/lib/action_view/helpers/translation_helper.rb +++ b/actionview/lib/action_view/helpers/translation_helper.rb @@ -114,7 +114,7 @@ module ActionView # Delegates to <tt>I18n.localize</tt> with no additional functionality. # - # See http://rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize + # See https://www.rubydoc.info/github/svenfuchs/i18n/master/I18n/Backend/Base:localize # for more information. def localize(*args) I18n.localize(*args) diff --git a/actionview/test/ujs/public/vendor/jquery-2.2.0.js b/actionview/test/ujs/public/vendor/jquery-2.2.0.js index 2c545b8ff3..a83c4faa16 100644 --- a/actionview/test/ujs/public/vendor/jquery-2.2.0.js +++ b/actionview/test/ujs/public/vendor/jquery-2.2.0.js @@ -9639,7 +9639,7 @@ jQuery.fn.extend( { // 2) For the hidden or detached element // 3) For body or html element, i.e. in case of the html node - it will return itself // - // but those exceptions were never presented as a real life use-cases + // but those exceptions were never presented as a real life use cases // and might be considered as more preferable results. // // This logic, however, is not guaranteed and can change at any point in the future |