You’re not receiving notifications from this thread.
create.js.erb with Content Security Policy
Hello, I'm researching best practices on implementing a Content Security Policy for my 5.2 rails app. I have a few
remote: true forms that respond with
*.js.erb. It's my understanding that these will be treated as inline scripts and disallowed unless I have a
unsafe-inline tag in my policy ( which I want to avoid).
Wondering if anyone has experience converting
remote: true forms that respond with a
.js.erb file to something that is following best practices for a Content Security Policy. Or, if you can point me to some links where I can further my research.