Module: ActionView::Helpers::CspHelper

Relationships & Source Files
Extension / Inclusion / Inheritance Descendants
Included In: `::ActionDispatch::DebugView`, `::ActionView::Base`, `::ActionView::Helpers`, `::ActionView::TestCase`, `::ActionView::TestCase::Behavior`
Defined in:	actionview/lib/action_view/helpers/csp_helper.rb

Overview

Action View CSP Helpers

Instance Method Summary

#csp_meta_tag(**options)

Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

Instance Method Details

#csp_meta_tag(**options)

Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

<head>
  <%= csp_meta_tag %>
</head>

This is used by the Rails UJS helper to create dynamically loaded inline <script> elements.

[ GitHub ]

# File 'actionview/lib/action_view/helpers/csp_helper.rb', line 17


def csp_meta_tag(**options)
  if content_security_policy?
    options[:name] = "csp-nonce"
    options[:content] = content_security_policy_nonce
    tag("meta", options)
  end
end