josevalim
commented
4 years ago Sure, PR is welcome! I think we already have an app env for config. But it may be able to go to the plug too.
Closed hauleth closed 4 years ago
josevalim
commented
4 years ago Sure, PR is welcome! I think we already have an app env for config. But it may be able to go to the plug too.
hauleth
commented
4 years ago 
mbramson
commented
4 years ago Confirming this would be useful to be able to add a nonce to the iframe to satisfy a content security policy.
josevalim
commented
4 years ago Are you sure a nonce is necessary? The iFrame is hosted in the same app and the contents of the iFrame are applied to the policy returned by the iFrame. If your CSP plugs comes after the live reload one, you should be good.
This would be useful for situations when there is used dynamic reload tooling like Turbolinks used as it would prevent needless updates of iframe.