I was doing some work around ensuring CSP compliance for a rails site and found that it would be useful to be able to set a nonce for stylesheet_link_tag, particularly with the changes around style-src and CSP configurations. See Add the ability to set the CSP nonce only to the specified directives by y-yagi · Pull Request #36534 · rails/rails · GitHub.
I’ve created a PR to do this. Is there any interest in getting this merged into rails? Would this be useful for anyone else?
<%= stylesheet_link_tag "https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css", nonce: true %>
The main use case I see is when including stylesheets from a CDN, though Sub Resource Integrity may be a better option then.
Is this of use to anyone else?