Add nonce for strict Content Security Policy #79

Open: frenkel wants to merge 1 commit into base: main

frenkel commented Feb 10, 2025

Without a nonce an application with the following config will have errors in the browser.

Rails.application.configure do
  config.content_security_policy do |policy|
    policy.script_src :strict_dynamic
  end
end

Error (translated):

The page settings have blocked the execution of a script (script-src-elem) at http://localhost:3000/assets/hotwire_spark-d7e0ee73.js because it violates the following directive: ‘script-src 'strict-dynamic' 'nonce-e46d3874a949188ba1c4f5bbb3f93f8c'’
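
The failure reported above, reproduced as an added Ruby example (not code from this pull request or from the project): once `'strict-dynamic'` is in `script-src`, `'self'` and host sources are ignored, so a markup `<script>` loads only if it carries the policy's nonce. `parse_csp` and `blocked_scripts` are hypothetical helpers, the HTML is constructed, and hash sources, `default-src` fallback and `script-src-elem` are not modelled.

```ruby
# Added example: list the external <script> tags a script-src policy blocks.

# Split a Content-Security-Policy value into { directive => [sources] }.
def parse_csp(header)
  header.split(";").map(&:split).reject(&:empty?)
        .to_h { |name, *sources| [name.downcase, sources] }
end

# Return the src of every external <script> in html that the policy blocks.
# Regex tag matching is enough for the constructed sample, not for real HTML.
def blocked_scripts(csp_header, html)
  sources = parse_csp(csp_header)["script-src"]
  return [] unless sources # no script-src: nothing modelled as blocked

  nonces = sources.filter_map { |s| s[/\A'nonce-(.+)'\z/, 1] }
  strict = sources.include?("'strict-dynamic'")

  html.scan(/<script\b([^>]*)>/i).flatten.filter_map do |attrs|
    src = attrs[/\bsrc="([^"]*)"/i, 1]
    next unless src # inline scripts are out of scope here

    nonce = attrs[/\bnonce="([^"]*)"/i, 1]
    next if nonce && nonces.include?(nonce) # nonce matches: allowed

    # 'self' only helps when 'strict-dynamic' is absent; a leading "/" is
    # treated as same-origin (assumption made for this sample).
    next if !strict && sources.include?("'self'") && src.start_with?("/")

    src
  end
end

NONCE  = "e46d3874a949188ba1c4f5bbb3f93f8c" # nonce quoted in the error above
POLICY = "script-src 'strict-dynamic' 'nonce-#{NONCE}'"

# Constructed page: application.js carries the nonce, hotwire_spark does not.
PAGE = <<~HTML
  <script src="/assets/application.js" nonce="#{NONCE}"></script>
  <script src="/assets/hotwire_spark-d7e0ee73.js"></script>
HTML

puts blocked_scripts(POLICY, PAGE)
```

Adding `'self'` to the strict policy does not change the result, which is why the injected tag needs the nonce itself.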
