railties/test/application/content_security_policy_test.rb · main · Rails relative code / rails-deleted-2

Feb 03, 2019

Add the ability to set the CSP nonce only to the specified directives · 09d55b30

yuuji.yaginuma authored Feb 03, 2019

I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).

So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.

Fixes #35137.

09d55b30

Add the ability to set the CSP nonce only to the specified directives

yuuji.yaginuma authored Feb 03, 2019

I changed to set CSP nonce to `style-src` directive in #32932.
But this causes an issue when `unsafe-inline` is specified to `style-src`
(If a nonce is present, a nonce takes precedence over `unsafe-inline`).

So, I fixed to nonce directives configurable. By configure this, users
can make CSP as before.

Fixes #35137.