app/assets/javascripts/turbolinks-csp.js

// Include CSP nonce for every Turbolinks request (see: content_security_policy.rb)
document.addEventListener("turbolinks:request-start", function(event) {
  var xhr = event.data.xhr;
  xhr.setRequestHeader("X-Turbolinks-Nonce", $("meta[name='csp-nonce']").prop('content'));
});

// Ensure all <script> tags on Turbolinks cached pages include a nonce
document.addEventListener("turbolinks:before-cache", function() {
  $('script[nonce]').each(function(index, element) {
    $(element).attr('nonce', element.nonce);
  })
})
Initial commit 2020-05-31 22:38:19 +02:00			`// Include CSP nonce for every Turbolinks request (see: content_security_policy.rb)`
			`document.addEventListener("turbolinks:request-start", function(event) {`
			`var xhr = event.data.xhr;`
			`xhr.setRequestHeader("X-Turbolinks-Nonce", $("meta[name='csp-nonce']").prop('content'));`
			`});`

			`// Ensure all <script> tags on Turbolinks cached pages include a nonce`
			`document.addEventListener("turbolinks:before-cache", function() {`
			`$('script[nonce]').each(function(index, element) {`
			`$(element).attr('nonce', element.nonce);`
			`})`
			`})`