module ActionView::Helpers::CspHelper

Public Instance Methods

csp_meta_tag(**options) Show source 
# File actionview/lib/action_view/helpers/csp_helper.rb, line 17
def csp_meta_tag(**options)
  if content_security_policy?
    options[:name] = "csp-nonce"
    options[:content] = content_security_policy_nonce
    tag("meta", options)
  end
end

Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

<head>
  <%= csp_meta_tag %>
</head>

This is used by the Rails UJS helper to create dynamically loaded inline <script> elements.

© 2004–2019 David Heinemeier Hansson
Licensed under the MIT License.