Initial commit

2020-05-31 22:38:19 +02:00
commit 858fafc3c5
1280 changed files with 65918 additions and 0 deletions
--- a/app/assets/javascripts/turbolinks-csp.js
+++ b/app/assets/javascripts/turbolinks-csp.js
@@ -0,0 +1,12 @@
+// Include CSP nonce for every Turbolinks request (see: content_security_policy.rb)
+document.addEventListener("turbolinks:request-start", function(event) {
+  var xhr = event.data.xhr;
+  xhr.setRequestHeader("X-Turbolinks-Nonce", $("meta[name='csp-nonce']").prop('content'));
+});
+
+// Ensure all <script> tags on Turbolinks cached pages include a nonce
+document.addEventListener("turbolinks:before-cache", function() {
+  $('script[nonce]').each(function(index, element) {
+    $(element).attr('nonce', element.nonce);
+  })
+})