rails_live_reload icon indicating copy to clipboard operation
rails_live_reload copied to clipboard

Published 20 hours ago verified publisher icon railsjazz

Support for nonce CSP

Open aeris opened this issue 6 months ago • 0 comments

Currently rails_live_reload is not usable with decent CSP directive (no unsafe-inline) and the content is blocked This patch use the native rails CSP nonce to whitelist the injected script

See https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce https://api.rubyonrails.org/classes/ActionDispatch/ContentSecurityPolicy/Request.html#method-i-content_security_policy_nonce_generator

aeris avatar Aug 04 '24 17:08 aeris