Module: GitlabScriptTagHelper

Defined in:
app/helpers/gitlab_script_tag_helper.rb

Instance Method Summary collapse

Instance Method Details

#javascript_include_tag(*sources) ⇒ Object

Override the default ActionView ‘javascript_include_tag` helper to support page specific deferred loading. PLEASE NOTE: `defer` is also critical so that we don’t run JavaScript entrypoints before the DOM is ready. Please see gitlab.com/groups/gitlab-org/-/epics/4538#note_432159769. The helper also makes sure the ‘nonce` attribute is included in every script when the content security policy is enabled.



9
10
11
12
13
 
# File 'app/helpers/gitlab_script_tag_helper.rb', line 9

def javascript_include_tag(*sources)
  options = { defer: true }.merge(sources.extract_options!)
  options[:nonce] = true
  super(*sources, **options)
end

#javascript_tag(content_or_options_with_block = nil, html_options = {}) ⇒ Object

The helper makes sure the ‘nonce` attribute is included in every script when the content security policy is enabled.



17
18
19
20
21
22
23
24
25
 
# File 'app/helpers/gitlab_script_tag_helper.rb', line 17

def javascript_tag(content_or_options_with_block = nil, html_options = {})
  if content_or_options_with_block.is_a?(Hash)
    content_or_options_with_block[:nonce] = true
  else
    html_options[:nonce] = true
  end

  super
end

#preload_link_tag(source, options = {}) ⇒ Object 



27
28
29
30
31
32
33
 
# File 'app/helpers/gitlab_script_tag_helper.rb', line 27

def preload_link_tag(source, options = {})
  # Chrome requires a nonce, see https://gitlab.com/gitlab-org/gitlab/-/issues/331810#note_584964908
  # It's likely to be a browser bug, but we need to work around it anyway
  options[:nonce] = content_security_policy_nonce

  super
end