Add nonce option for secure headers

skel/livereload.html.erb

@@ -1,15 +1,23 @@
 <% if with_swf? %>
-  <script type="text/javascript">
+  <% if defined?(SecureHeaders) %>
-    WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf";
+    <script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
-    <% if force_swf? %>
+  <% else %>
-      WEB_SOCKET_FORCE_FLASH = true;
+    <script type="text/javascript">
-    <% end %>
+  <% end %>
-  </script>
+      WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf";
-  <script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script>
+      <% if force_swf? %>
-  <script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script>
+        WEB_SOCKET_FORCE_FLASH = true;
+      <% end %>
+    </script>
+    <script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script>
+    <script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script>
 <% end %>
-<script type="text/javascript">
+<% if defined?(SecureHeaders) %>
-  RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>;
+  <script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
-</script>
+<% else %>
+  <script type="text/javascript">
+<% end %>
+    RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>;
+  </script>
 <script type="text/javascript" src="<%= livereload_source %>"></script>