stanhu
commented
5 years ago Actually, this probably should be a configurable parameter in GraphiQL::Rails.config.
Closed bodhish closed 3 years ago
stanhu
commented
5 years ago Actually, this probably should be a configurable parameter in GraphiQL::Rails.config.
connorshea
commented
5 years ago I'd also very much appreciate this!
seanarnold
commented
4 years ago @rmosolgo We're waiting on this to get merged before we can upgrade. Would you mind taking a look at this?
rmosolgo
commented
3 years ago Thanks for the fix here!
This is much needed to prevent inline JavaScript from being blocked from Content Security Policy headers, since Rails 5 now supports nonce-based CSP headers. @rmosolgo Would you mind merging this and release a new version?