[ActionView] Add `nonce: true` option to `stylesheet_link_tag`

Hi,

I was doing some work around ensuring CSP compliance for a rails site and found that it would be useful to be able to set a nonce for stylesheet_link_tag, particularly with the changes around style-src and CSP configurations. See Add the ability to set the CSP nonce only to the specified directives by y-yagi · Pull Request #36534 · rails/rails · GitHub.

I’ve created a PR to do this. Is there any interest in getting this merged into rails? Would this be useful for anyone else?

<%= stylesheet_link_tag "https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css", nonce: true %>

The main use case I see is when including stylesheets from a CDN, though Sub Resource Integrity may be a better option then.

Is this of use to anyone else?

1 Like

Was just searching for this and saw your post. I can try pull together support for this to move it through. Would you be able to cleanup your PR?

This feature is added in Add the nonce: true option for stylesheet_link_tag helper by akhilgkrishnan · Pull Request #50591 · rails/rails · GitHub