Open aeris opened 1 month ago
Currently rails_live_reload is not usable with decent CSP directive (no unsafe-inline) and the content is blocked This patch use the native rails CSP nonce to whitelist the injected script
rails_live_reload
unsafe-inline
See https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce https://api.rubyonrails.org/classes/ActionDispatch/ContentSecurityPolicy/Request.html#method-i-content_security_policy_nonce_generator
Currently
rails_live_reload
is not usable with decent CSP directive (nounsafe-inline
) and the content is blocked This patch use the native rails CSP nonce to whitelist the injected scriptSee https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce https://api.rubyonrails.org/classes/ActionDispatch/ContentSecurityPolicy/Request.html#method-i-content_security_policy_nonce_generator