Merge pull request #35269 from y-yagi/allow_to_pass_options_to_csp_meta_tag

Allow to pass options to `csp_meta_tag`

Merge pull request #35269 from y-yagi/allow_to_pass_options_to_csp_meta_tag
Allow to pass options to `csp_meta_tag`
f851e4a5 · Yuji Yaginuma · GitHub · 3aa3c068 · 96937335 · f851e4a5
Showing with 8 addition and 2 deletion

actionview/lib/action_view/helpers/csp_helper.rb actionview/lib/action_view/helpers/csp_helper.rb +4 -2

actionview/test/template/csp_helper_test.rb actionview/test/template/csp_helper_test.rb +4 -0

未找到文件。
--- a/actionview/lib/action_view/helpers/csp_helper.rb
+++ b/actionview/lib/action_view/helpers/csp_helper.rb
@@ -14,9 +14,11 @@ module CspHelper
      # This is used by the Rails UJS helper to create dynamically
      # loaded inline <script> elements.
      #
-      def csp_meta_tag
+      def csp_meta_tag(**options)
        if content_security_policy?
-          tag("meta", name: "csp-nonce", content: content_security_policy_nonce)
+          options[:name] = "csp-nonce"
+          options[:content] = content_security_policy_nonce
+          tag("meta", options)
        end
      end
    end

--- a/actionview/test/template/csp_helper_test.rb
+++ b/actionview/test/template/csp_helper_test.rb
@@ -16,6 +16,10 @@ def content_security_policy?
  def test_csp_meta_tag
    assert_equal "<meta name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag
  end
+
+  def test_csp_meta_tag_with_options
+    assert_equal "<meta property=\"csp-nonce\" name=\"csp-nonce\" content=\"iyhD0Yc0W+c=\" />", csp_meta_tag(property: "csp-nonce")
+  end
 end

 class CspHelperWithCspDisabledTest < ActionView::TestCase