Module: GitlabScriptTagHelper

Defined in:
app/helpers/gitlab_script_tag_helper.rb

Instance Method Summary collapse

Instance Method Details

#javascript_include_tag(*sources) ⇒ Object

Override the default ActionView `javascript_include_tag` helper to support page specific deferred loading. PLEASE NOTE: `defer` is also critical so that we don't run JavaScript entrypoints before the DOM is ready. Please see gitlab.com/groups/gitlab-org/-/epics/4538#note_432159769. The helper also makes sure the `nonce` attribute is included in every script when the content security policy is enabled.


9
10
11
# File 'app/helpers/gitlab_script_tag_helper.rb', line 9

def javascript_include_tag(*sources)
  super(*sources, defer: true, nonce: true)
end

#javascript_tag(content_or_options_with_block = nil, html_options = {}) ⇒ Object

The helper makes sure the `nonce` attribute is included in every script when the content security policy is enabled.


15
16
17
18
19
20
21
22
23
# File 'app/helpers/gitlab_script_tag_helper.rb', line 15

def javascript_tag(content_or_options_with_block = nil, html_options = {})
  if content_or_options_with_block.is_a?(Hash)
    content_or_options_with_block[:nonce] = true
  else
    html_options[:nonce] = true
  end

  super
end

25
26
27
28
29
30
31
# File 'app/helpers/gitlab_script_tag_helper.rb', line 25

def preload_link_tag(source, options = {})
  # Chrome requires a nonce, see https://gitlab.com/gitlab-org/gitlab/-/issues/331810#note_584964908
  # It's likely to be a browser bug, but we need to work around it anyway
  options[:nonce] = content_security_policy_nonce

  super
end