Add Rails' CSP nonce to the script tag

fgrehm / letter_opener_web

A web interface for browsing Ruby on Rails sent emails

MIT License

718 stars 112 forks source link

Add Rails' CSP nonce to the script tag #112

Closed dee-see closed 3 years ago

dee-see commented 3 years ago

If a CSP is configured and enabled in development mode, it blocks the script and breaks the page. This change adds the nonce when it's configured and leaves an empty nonce tag when it isn't, which doesn't cause any issues.

fgrehm commented 3 years ago

Hey @dee-see , just a heads up that this is something that will come along with the upcoming 2.0 I got in the works, see the PR linked above for more.

If you have the time, it'd be great if you could give that branch a try as well, tks in advance!

fgrehm commented 3 years ago

Just got a pre-release ready to go. Please give that a try when you get a chance and I'll also just ping more folks for testing before a final release. This PR should auto close after code is on master.

Thanks for your contribution!

dee-see commented 3 years ago

Had a quick look and it seems to work well, thanks!