From 47013a7126a92e1f2890b68e0fd2e7ba1b77c97c Mon Sep 17 00:00:00 2001
From: Yaroslav Markin <yaroslav@markin.net>
Date: Tue, 17 Apr 2018 18:05:12 +0300
Subject: Add the `nonce: true` option for `javascript_include_tag` helper.

---
 guides/source/security.md | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'guides/source/security.md')

diff --git a/guides/source/security.md b/guides/source/security.md
index a21526d895..3ac50fb147 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1182,6 +1182,12 @@ as part of `html_options`. Example:
 <% end -%>
 ```
 
+The same works with `javascript_include_tag`:
+
+```html+erb
+<%= javascript_include_tag "script", nonce: true %>
+```
+
 Use [`csp_meta_tag`](http://api.rubyonrails.org/classes/ActionView/Helpers/CspHelper.html#method-i-csp_meta_tag)
 helper to create a meta tag "csp-nonce" with the per-session nonce value
 for allowing inline `<script>` tags.
-- 
cgit v1.2.3