diff options
Diffstat (limited to 'actionview')
| -rw-r--r-- | actionview/lib/action_view/helpers/csp_helper.rb | 6 | ||||
| -rw-r--r-- | actionview/test/template/csp_helper_test.rb | 4 |
2 files changed, 8 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/csp_helper.rb b/actionview/lib/action_view/helpers/csp_helper.rb index e2e065c218..4415018845 100644 --- a/actionview/lib/action_view/helpers/csp_helper.rb +++ b/actionview/lib/action_view/helpers/csp_helper.rb @@ -14,9 +14,11 @@ module ActionView # This is used by the Rails UJS helper to create dynamically # loaded inline <script> elements. # - def csp_meta_tag + def csp_meta_tag(**options) if content_security_policy? - tag("meta", name: "csp-nonce", content: content_security_policy_nonce) + options[:name] = "csp-nonce" + options[:content] = content_security_policy_nonce + tag("meta", options) end end end diff --git a/actionview/test/template/csp_helper_test.rb b/actionview/test/template/csp_helper_test.rb index 8bad25ba7d..1b7fd4665f 100644 --- a/actionview/test/template/csp_helper_test.rb +++ b/actionview/test/template/csp_helper_test.rb @@ -16,6 +16,10 @@ class CspHelperWithCspEnabledTest < ActionView::TestCase def test_csp_meta_tag assert_equal "<meta name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag end + + def test_csp_meta_tag_with_options + assert_equal "<meta property=\"csp-nonce\" name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag(property: "csp-nonce") + end end class CspHelperWithCspDisabledTest < ActionView::TestCase |