Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kul1/sjr42
Test Serverside javascript inline in Rails 4.2
https://github.com/kul1/sjr42
Last synced: 26 days ago
JSON representation
Test Serverside javascript inline in Rails 4.2
- Host: GitHub
- URL: https://github.com/kul1/sjr42
- Owner: kul1
- Created: 2019-10-18T17:46:47.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-12-14T08:33:47.000Z (almost 2 years ago)
- Last Synced: 2024-10-03T05:21:14.283Z (about 1 month ago)
- Language: Ruby
- Size: 29.3 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
teps to reproduce
Create a new Rails app:
rails new sjr-test
cd sjr-test
rake db:create db:migrate
Add the following files:
# config/routes.rb
Rails.application.routes.draw do
resources :sjrs, only: [:new, :create]
end
# app/controllers/sjrs_controller.rb
class SjrsController < ApplicationController
def new
end
def create
end
end
# app/views/sjrs/new.html.erb
<%= button_to "Create SJR", sjrs_path, remote: true %>
# app/views/users/create.js.erb
alert("SJR is working!")
Then:
Start the server
Visit http://localhost:3000/sjrs/new
Click on the "Create SJR" button
Expected behavior
You should see a JavaScript alert saying "SJR is working!".
Actual behavior
No alert is shown and Server-generated JavaScript Response isn't executed because of Content Security Policy. This is the error from JavaScript console:
rails-ujs.self-9d0f3ce06afecd4183b5a50580cd7617b5e10fba48d12d3cf53668539f4d77db.js:244 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https:". Either the 'unsafe-inline' keyword, a hash ('sha256-djTI7ayTUPgKSs+qoOHPSkHb3BZ3yW1FOMkS7/k/vzw='), or a nonce ('nonce-...') is required to enable inline execution.
System configuration
Rails version: 5.2.0.beta2
Ruby version: 2.4.1p111