Closed Spone closed 6 years ago
Hello! There is an option for that https://github.com/gazay/gon/wiki/Options#nonce--foo
Great! But I think you could update the documentation, as nonce generation is now included in Rails 5.2.
You no longer need to use secure_headers
gem, you can just do:
<%= include_gon nonce: content_security_policy_nonce %>
This works and also fix the issue when you use Turbolinks on Rails. You might get this response when Turbolinks makes HTTP requests "failed to load response data: No response with given identifier"
Great! But I think you could update the documentation, as nonce generation is now included in Rails 5.2.
You no longer need to use
secure_headers
gem, you can just do:<%= include_gon nonce: content_security_policy_nonce %>
Since 5.2, Rails supports adding a
nonce
toscript
tags (see http://guides.rubyonrails.org/security.html#content-security-policy)What's the recommended way to use it with gon? I managed to make it work with:
but I'd rather do it in one line. Is there a way?