path: root/actionview/lib/action_view/helpers/csp_helper.rb
# frozen_string_literal: true

module ActionView
  # = Action View CSP Helper
  module Helpers #:nodoc:
    module CspHelper
      # Renders a <meta name="csp-nonce"> tag whose +content+ is the value
      # returned by +content_security_policy_nonce+ (the per-session nonce),
      # which is what allows inline <script> tags under the policy.
      #
      #   <head>
      #     <%= csp_meta_tag %>
      #   </head>
      #
      # The Rails UJS helper uses this tag to create dynamically loaded
      # inline <script> elements.
      #
      # Returns +nil+ when +content_security_policy?+ is falsy, so no tag
      # is emitted for responses without a policy.
      #
      # Security notes for reviewers:
      # * The nonce is placed in the document, so any script already running
      #   in the page can read it; it restricts which inline scripts may
      #   start, it is not a secret from code that is already executing.
      # * NOTE(review): nonce generation is configured outside this file.
      #   Confirm the generator yields an unpredictable value and that pages
      #   carrying this tag are not served to other users from a shared
      #   cache, since a reused nonce weakens the inline-script restriction.
      #
      def csp_meta_tag
        # Guard clause: without an active policy there is no nonce to expose.
        return unless content_security_policy?

        nonce = content_security_policy_nonce
        tag("meta", name: "csp-nonce", content: nonce)
      end
    end
  end
end