create.js.erb with Content Security Policy

computer_smile December 20, 2018 7:36am

Hello, I'm researching best practices on implementing a Content Security Policy for my 5.2 rails app. I have a few remote: true forms that respond with *.js.erb. It's my understanding that these will be treated as inline scripts and disallowed unless I have a unsafe-inline tag in my policy ( which I want to avoid).

Wondering if anyone has experience converting remote: true forms that respond with a .js.erb file to something that is following best practices for a Content Security Policy. Or, if you can point me to some links where I can further my research.

Thanks!

Join the discussion

Create an account Log in

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Learn Hotwire

Install and Deploy Rails Guides

Hatchbox.io

Jumpstart Rails SaaS Template

Remote Ruby Podcast

GoRails Open Source

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Notifications

create.js.erb with Content Security Policy

Want to stay up-to-date with Ruby on Rails?