Closed bodhish closed 3 years ago
Actually, this probably should be a configurable parameter in GraphiQL::Rails.config
.
I'd also very much appreciate this!
@rmosolgo We're waiting on this to get merged before we can upgrade. Would you mind taking a look at this?
Thanks for the fix here!
This is much needed to prevent inline JavaScript from being blocked from Content Security Policy headers, since Rails 5 now supports nonce-based CSP headers. @rmosolgo Would you mind merging this and release a new version?