vergilet / repost

Redirect using POST method
https://vergilet.github.io/repost
MIT License

Compatibility with secure Content Security Policy #12

Closed eric-hemasystems closed 4 years ago

eric-hemasystems commented 4 years ago

To auto-submit the form, a bare script tag is generated. If a website has a content security policy, this is not allowed unless the website has enabled the 'unsafe-inline' policy (which of course mostly defeats the purpose of a CSP).

This commit updates the Repost::Senpai object to allow a nonce to be configured to whitelist this inline script tag.

Since Rails supports a CSP out-of-the-box, the repost method has been configured to retrieve the request nonce and provide it to the Repost::Senpai object automatically.

If a nonce is desired outside of Rails (Sinatra, etc) this would have to be configured manually.
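
The mechanism described in this PR, as an added illustration that is not the repost gem's own code: a self-submitting POST form whose auto-submit script is either a bare `<script>` tag (the pre-fix behaviour) or a tag carrying `nonce="..."`, a matching `Content-Security-Policy` header, and a small model of the browser's decision for an inline script under that policy. The helper names (`csp_nonce`, `post_redirect_html`, `csp_header`, `inline_script_allowed?`) and the form id `repost-form` are hypothetical, chosen for this example.

```ruby
require 'securerandom'
require 'cgi'

# Hypothetical helper (not part of the repost gem): a fresh per-response CSP nonce.
def csp_nonce
  SecureRandom.base64(16)
end

# Build a self-submitting POST form (hypothetical helper, not the gem's API).
# With nonce: nil a bare <script> tag is emitted, which a nonce-based CSP blocks;
# with a nonce the tag carries nonce="..." and is whitelisted by that policy.
def post_redirect_html(url, params, nonce: nil)
  inputs = params.map do |k, v|
    %(<input type="hidden" name="#{CGI.escapeHTML(k.to_s)}" value="#{CGI.escapeHTML(v.to_s)}">)
  end.join("\n    ")
  script_open = nonce ? %(<script nonce="#{CGI.escapeHTML(nonce)}">) : "<script>"
  <<~HTML
    <form id="repost-form" method="post" action="#{CGI.escapeHTML(url)}">
      #{inputs}
    </form>
    #{script_open}document.getElementById("repost-form").submit();</script>
  HTML
end

# Content-Security-Policy header value that allows scripts from 'self' plus
# exactly one inline script: the one carrying this nonce.
def csp_header(nonce)
  "default-src 'self'; script-src 'self' 'nonce-#{nonce}'"
end

# Minimal model of a browser's CSP check for an inline <script>:
# the effective source list is script-src, falling back to default-src.
# 'unsafe-inline' allows any inline script, but is ignored once the list
# also contains a nonce or hash source; otherwise the tag needs a matching nonce.
def inline_script_allowed?(policy, tag_nonce)
  directives = policy.split(';').map(&:strip).reject(&:empty?).to_h do |d|
    name, *sources = d.split(/\s+/)
    [name, sources]
  end
  sources = directives['script-src'] || directives['default-src'] || []
  has_nonce_or_hash = sources.any? { |s| s.start_with?("'nonce-", "'sha") }
  return true if sources.include?("'unsafe-inline'") && !has_nonce_or_hash
  return false if tag_nonce.nil?
  sources.include?("'nonce-#{tag_nonce}'")
end

if __FILE__ == $PROGRAM_NAME
  nonce = csp_nonce
  puts csp_header(nonce)
  puts post_redirect_html("https://example.com/checkout", { "order" => "42" }, nonce: nonce)
end
```

The nonce must be generated once per response and the same value placed in both the header and the tag; reusing a fixed nonce across responses reduces it to 'unsafe-inline'. Under Rails the per-request value the PR refers to is available as `request.content_security_policy_nonce`; outside Rails (Sinatra and the like) you generate it yourself and set the header, as the PR description notes.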

vergilet commented 4 years ago

Good job!

modille commented 4 years ago

@vergilet any chance you can release a new build on rubygems with this commit?

vergilet commented 4 years ago

@modille sure, pushed build to rubygems, version 0.3.4

https://rubygems.org/gems/repost/versions/0.3.4