@SimenB SimenB commented Apr 10, 2025

These can be overridden by consumers to add e.g. nonce.

In our `config/resque.rb` I've added the following:

```ruby
module Resque
  module ServerHelper
    # Override: emit the script tag, adding the per-request CSP nonce when one is set.
    def script_tag(src)
      base = "<script src=\"#{url_path(src)}\" type=\"text/javascript\"></script>"

      # Wrap the Rack env so the Rails CSP nonce for this request can be read.
      request = ActionDispatch::Request.new(env)

      nonce = request.content_security_policy_nonce

      return base unless nonce

      base.gsub(/><\/script>$/, " nonce=\"#{nonce}\"></script>")
    end

    # Override: emit the stylesheet link tag, adding the same nonce when one is set.
    def link_tag(src)
      base = "<link href=\"#{url_path(src)}\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\">"

      request = ActionDispatch::Request.new(env)

      nonce = request.content_security_policy_nonce

      return base unless nonce

      base.gsub(/">$/, "\" nonce=\"#{nonce}\">")
    end
  end
end
```

And with that, the CSP errors are gone 🥳

(Note that I am by no means a ruby/rails/sinatra/rack expert, but this works. Happy to change approach if there are better ways to go about this. I'd like to avoid having to maintain a fork, tho)

Fixes #1897
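
An added example, not part of the PR or of Resque's code: a stand-alone Ruby check that the script and stylesheet tags on a rendered page carry a nonce the Content-Security-Policy header actually lists, with attribute values HTML-escaped instead of spliced in by regex. The header, nonce, asset paths and the `demo_*`, `csp_nonces` and `tags_missing_nonce` names are constructed for illustration.

```ruby
require "cgi"

# Constructed sample values for this demo; not taken from the PR.
NONCE = "c2FtcGxlLW5vbmNlLTEyMw=="
CSP = "default-src 'self'; script-src 'nonce-#{NONCE}'; style-src 'nonce-#{NONCE}'"

# Nonces the header lists for a directive, falling back to default-src when
# the directive is absent (the *-elem variants are not handled here).
def csp_nonces(header, directive)
  policy = header.split(";").map { |d| d.strip.split(/\s+/) }.reject(&:empty?)
  sources = policy.find { |d| d.first.casecmp?(directive) } ||
            policy.find { |d| d.first.casecmp?("default-src") } || []
  sources.drop(1).filter_map { |s| s[/\A'nonce-([A-Za-z0-9+\/_=-]+)'\z/, 1] }
end

# Render attributes with every value HTML-escaped; add nonce only when present.
def attrs_html(attrs, nonce)
  attrs = attrs.merge("nonce" => nonce) if nonce
  attrs.map { |k, v| %(#{k}="#{CGI.escapeHTML(v)}") }.join(" ")
end

# Hypothetical stand-ins for the overridden helpers, taking the nonce as an argument.
def demo_script_tag(src, nonce = nil)
  attrs = { "src" => src, "type" => "text/javascript" }
  "<script #{attrs_html(attrs, nonce)}></script>"
end

def demo_link_tag(href, nonce = nil)
  attrs = { "href" => href, "media" => "screen", "rel" => "stylesheet", "type" => "text/css" }
  "<link #{attrs_html(attrs, nonce)}>"
end

# Script and stylesheet tags whose nonce is missing or not listed in the header.
def tags_missing_nonce(html, header)
  checks = { /<script\b[^>]*>/i => "script-src",
             /<link\b[^>]*rel="stylesheet"[^>]*>/i => "style-src" }
  checks.flat_map do |pattern, directive|
    allowed = csp_nonces(header, directive)
    html.scan(pattern).reject do |tag|
      allowed.include?(CGI.unescapeHTML(tag[/\snonce="([^"]*)"/, 1].to_s))
    end
  end
end

page = demo_script_tag("/resque/main.js", NONCE) + demo_link_tag("/resque/style.css", NONCE)
puts tags_missing_nonce(page, CSP).empty? ? "all tags carry an allowed nonce" : "nonce mismatch"
```

This compares nonce attributes against the header only; it does not evaluate other source expressions such as `'self'` or hashes.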

These can be overridden by consumers to add e.g. `nonce`
Contributor

@PatrickTulskie PatrickTulskie left a comment

I think this is okay. Just two formatting suggestions to make things a little easier to read.

If you can update your PR in the next day, I should be able to sneak this into 3.0.

SimenB and others added 2 commits November 29, 2025 23:17
Author

SimenB commented Dec 23, 2025

@PatrickTulskie I updated btw - dunno if an email fires when I accept suggestions 😅

Development

Successfully merging this pull request may close these issues.

Overview UI Broken Due to Nonce Whitelist