Module: ActionView::Helpers::CspHelper

Included in:

ActionView::Helpers

Defined in:

lib/action_view/helpers/csp_helper.rb

Overview

:nodoc:

Instance Method Summary

• #csp_meta_tag ⇒ Object

  Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

Instance Method Details

#csp_meta_tag ⇒ Object

Returns a meta tag “csp-nonce” with the per-session nonce value for allowing inline <script> tags.

<head>
  <%= csp_meta_tag %>
</head>

This is used by the Rails UJS helper to create dynamically loaded inline <script> elements.

# File 'lib/action_view/helpers/csp_helper.rb', line 17

def csp_meta_tag
  if content_security_policy?
    tag("meta", name: "csp-nonce", content: content_security_policy_nonce)
  end
end