Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Read the csp meta tag nonce attribute and fall back to content #1151

Merged

Conversation

tvongaza
Copy link
Contributor

@tvongaza tvongaza commented May 8, 2024

This PR allows Trix to support rails/rails#51729. This changes Trix to read the meta tag's nonce attribute first and fall back to the content attribute.

As described in rails/rails#51580 (comment) this makes it harder to extract the nonce value.

Similar to hotwired/turbo#1254

Copy link
Member

@jorgemanrubia jorgemanrubia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tvongaza

@jorgemanrubia jorgemanrubia merged commit b2cefb4 into basecamp:main Oct 10, 2024
1 check passed
@jorgemanrubia
Copy link
Member

We'll release a new version shortly including this one.

seanpdoyle added a commit to seanpdoyle/trix that referenced this pull request Nov 20, 2024
Follow-up to [basecamp#1151][]. Add unit test coverage for the
`installDefaultCSSForTagName` functions support for both `meta[content]`
and `meta[nonce]` attribute support.

[basecamp#1151]: basecamp#1151
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants