Add nonce option for secure headers

This commit is contained in:
Leif Ringstad 2017-01-19 16:11:49 +01:00 committed by GitHub
parent c0c47cc83b
commit 065da9bc6e

View File

@ -1,15 +1,23 @@
<% if with_swf? %>
<script type="text/javascript">
WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf";
<% if force_swf? %>
WEB_SOCKET_FORCE_FLASH = true;
<% end %>
</script>
<script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script>
<script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script>
<% if defined?(SecureHeaders) %>
<script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
<% else %>
<script type="text/javascript">
<% end %>
WEB_SOCKET_SWF_LOCATION = "/__rack/WebSocketMain.swf";
<% if force_swf? %>
WEB_SOCKET_FORCE_FLASH = true;
<% end %>
</script>
<script type="text/javascript" src="<%= app_root %>/__rack/swfobject.js"></script>
<script type="text/javascript" src="<%= app_root %>/__rack/web_socket.js"></script>
<% end %>
<script type="text/javascript">
RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>;
</script>
<% if defined?(SecureHeaders) %>
<script type="text/javascript" nonce="<%= content_security_policy_script_nonce %>">
<% else %>
<script type="text/javascript">
<% end %>
RACK_LIVERELOAD_PORT = <%= @options[:live_reload_port] %>;
</script>
<script type="text/javascript" src="<%= livereload_source %>"></script>