Module: SecureHeaders::ViewHelpers

Included in:

ActionView::Base

Defined in:

lib/secure_headers/view_helper.rb

Instance Method Summary

• #content_security_policy_nonce(type) ⇒ Object

  Public: use the content security policy nonce for this request directly.

• #nonced_javascript_tag(content_or_options = {}, &block) ⇒ Object

  Public: create a script tag using the content security policy nonce.

• #nonced_style_tag(content_or_options = {}, &block) ⇒ Object

  Public: create a style tag using the content security policy nonce.

Instance Method Details

#content_security_policy_nonce(type) ⇒ Object

Public: use the content security policy nonce for this request directly. Instructs secure_headers to append a nonce to style/script-src directives.

Returns a non-html-safe nonce value.

# File 'lib/secure_headers/view_helper.rb', line 23

def content_security_policy_nonce(type)
  case type
  when :script
    SecureHeaders.content_security_policy_script_nonce(@_request)
  when :style
    SecureHeaders.content_security_policy_style_nonce(@_request)
  end
end

#nonced_javascript_tag(content_or_options = {}, &block) ⇒ Object

Public: create a script tag using the content security policy nonce. Instructs secure_headers to append a nonce to style/script-src directives.

Returns an html-safe script tag with the nonce attribute.

# File 'lib/secure_headers/view_helper.rb', line 15

def nonced_javascript_tag(content_or_options = {}, &block)
  nonced_tag(:script, content_or_options, block)
end

#nonced_style_tag(content_or_options = {}, &block) ⇒ Object

Public: create a style tag using the content security policy nonce. Instructs secure_headers to append a nonce to style/script-src directives.

Returns an html-safe style tag with the nonce attribute.

# File 'lib/secure_headers/view_helper.rb', line 7

def nonced_style_tag(content_or_options = {}, &block)
  nonced_tag(:style, content_or_options, block)
end