Fix hashtag column options styling (#14247)

* Enable nonces for stylesheets * Pass nonce to react-select
author: ThibG <thib@sitedethib.com> 2020-07-07 01:33:38 +0200
committer: GitHub <noreply@github.com> 2020-07-07 01:33:38 +0200
commit: a783bdf4adee3444e9cd32c2eaa0712214ba1230 (patch)
tree: fa611c6741d116136b0e29aa2519858e17cf9d5b /config/initializers
parent: c3187411c26aa00eb5844e4a7f9889f2cb19867e (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index 7dcc028ab..98dc711e1 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -47,7 +47,25 @@ end
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
 
+Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
+
+# Monkey-patching Rails 5
+module ActionDispatch
+  class ContentSecurityPolicy
+    def nonce_directive?(directive)
+      directive == 'style-src'
+    end
+  end
+end
+
+# Rails 6 would require the following instead:
+# Rails.application.config.content_security_policy_nonce_directives = %w(style-src)
+
 PgHero::HomeController.content_security_policy do |p|
   p.script_src :self, :unsafe_inline, assets_host
   p.style_src  :self, :unsafe_inline, assets_host
 end
+
+PgHero::HomeController.after_action do
+  request.content_security_policy_nonce_generator = nil
+end
author	ThibG <thib@sitedethib.com>	2020-07-07 01:33:38 +0200
committer	GitHub <noreply@github.com>	2020-07-07 01:33:38 +0200
commit	a783bdf4adee3444e9cd32c2eaa0712214ba1230 (patch)
tree	fa611c6741d116136b0e29aa2519858e17cf9d5b /config/initializers
parent	c3187411c26aa00eb5844e4a7f9889f2cb19867e (diff)