react_on_rails 16.4.0.rc.0 → 16.4.0.rc.1

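--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e73e8a4df085484ab44226919e7e642d67b609b03375b34845ea43f896e2ca43
- data.tar.gz: c94d4c27cd4ae57c9b382b80327686d918ad2906f561879c04cc90817f89d195
+ metadata.gz: 9598839cf6698d283c5549d221dd23a2b67903cbc8620fb037012b74bc0d0a61
+ data.tar.gz: 7b89e0d293d6aa02af9b404732adf5376a4c9411e180a880a538db48e8fa337c
  SHA512:
- metadata.gz: 5eac27c292bd94ffbdb2c61a3d64d0021b39320c7b82778df631c4e231cfafa190a943101a41d57cf053a0b52f948b3dd0f8c0db5d48cc4a7f9e12177043c770
- data.tar.gz: ab3b3beeda1c9ae9d5bf21b2e6ba946d1ead835ed9e0b6fc7b3017e3cdfdb8c101aab5f25a3fd35f6486c0f2dfdd4e68927f9b0a9d0a9020e709f9e33d0a29bb
+ metadata.gz: 78464cfa9ffbaae7606fbb68cafb3189dba19a0aa731af101d6eae85ed8ce66fb9d44e5f5bf6444377d011621b599a63a742b25621213b744d711950c9ca123a
+ data.tar.gz: 51b18f716f5d6cadcc777c14fee9430f3c40375932be3f9576e355564365995768f635a45ecd29c2605ad9eac146ee85a0a2190acdd700b10cd71aa58046fa59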
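--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- react_on_rails (16.4.0.rc.0)
+ react_on_rails (16.4.0.rc.1)
  addressable
  connection_pool
  execjs (~> 2.5)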
@@ -480,23 +480,27 @@ module ReactOnRails
480
480
  )
481
481
  end
482
482
 
483
+ # Returns the CSP script nonce for the current request, or nil if CSP is not enabled.
484
+ # Rails 5.2-6.0 use content_security_policy_nonce with no arguments.
485
+ # Rails 6.1+ accept an optional directive argument.
486
+ def csp_nonce
487
+ return unless respond_to?(:content_security_policy_nonce)
488
+
489
+ begin
490
+ content_security_policy_nonce(:script)
491
+ rescue ArgumentError
492
+ # Fallback for Rails versions that don't accept arguments
493
+ content_security_policy_nonce
494
+ end
495
+ end
496
+
483
497
  # Wraps console replay JavaScript code in a script tag with CSP nonce if available.
484
498
  # The console_script_code is already sanitized by scriptSanitizedVal() in the JavaScript layer,
485
499
  # so using html_safe here is secure.
486
500
  def wrap_console_script_with_nonce(console_script_code)
487
501
  return "" if console_script_code.blank?
488
502
 
489
- # Get the CSP nonce if available (Rails 5.2+)
490
- # Rails 5.2-6.0 use content_security_policy_nonce with no arguments
491
- # Rails 6.1+ accept an optional directive argument
492
- nonce = if respond_to?(:content_security_policy_nonce)
493
- begin
494
- content_security_policy_nonce(:script)
495
- rescue ArgumentError
496
- # Fallback for Rails versions that don't accept arguments
497
- content_security_policy_nonce
498
- end
499
- end
503
+ nonce = csp_nonce
500
504
 
501
505
  # Build the script tag with nonce if available
502
506
  script_options = { id: "consoleReplayLog" }
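Review bot: The `rescue ArgumentError` in `csp_nonce` wraps the whole `content_security_policy_nonce(:script)` call, so an ArgumentError raised for any reason other than the argument not being accepted (for example from an application-supplied nonce generator) is treated as "old Rails" and the helper is simply called a second time. That makes a misconfigured CSP setup harder to diagnose and uses an exception for an expected path on every render where the argument is rejected. Consider determining once which call form works and remembering it, or at least documenting the limit with `# NOTE: also retries when ArgumentError is raised inside the nonce lookup itself`. The doc comment's "nil if CSP is not enabled" is only as true as the Rails helper's own return value; the method's guard covers just the case where the helper is undefined. `wrap_console_script_with_nonce` continues past the end of the hunk.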
@@ -24,9 +24,11 @@ module ReactOnRails
24
24
  spec_tag = if render_options.immediate_hydration
25
25
  # Escape dom_id for JavaScript context
26
26
  escaped_dom_id = escape_javascript(render_options.dom_id)
27
+ nonce = csp_nonce
28
+ script_options = nonce.present? ? { nonce: nonce } : {}
27
29
  immediate_script = content_tag(:script, %(
28
30
  typeof ReactOnRails === 'object' && ReactOnRails.reactOnRailsComponentLoaded('#{escaped_dom_id}');
29
- ).html_safe)
31
+ ).html_safe, script_options)
30
32
  "#{component_specification_tag}\n#{immediate_script}"
31
33
  else
32
34
  component_specification_tag
@@ -49,9 +51,14 @@ module ReactOnRails
49
51
  store_hydration_scripts = if redux_store_data[:immediate_hydration]
50
52
  # Escape store_name for JavaScript context
51
53
  escaped_store_name = escape_javascript(redux_store_data[:store_name])
52
- immediate_script = content_tag(:script, <<~JS.strip_heredoc.html_safe
53
- typeof ReactOnRails === 'object' && ReactOnRails.reactOnRailsStoreLoaded('#{escaped_store_name}');
54
- JS
54
+ nonce = csp_nonce
55
+ script_options = nonce.present? ? { nonce: nonce } : {}
56
+ immediate_script = content_tag(
57
+ :script,
58
+ <<~JS.strip_heredoc.html_safe,
59
+ typeof ReactOnRails === 'object' && ReactOnRails.reactOnRailsStoreLoaded('#{escaped_store_name}');
60
+ JS
61
+ script_options
55
62
  )
56
63
  "#{store_hydration_data}\n#{immediate_script}"
57
64
  else
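Review bot: The value from `nonce = csp_nonce` (new lines 27 and 54) is baked into the returned markup, so it is valid only for the request that rendered it; if the output of these helpers is ever placed in a fragment or page cache, the replayed `<script nonce=...>` will not match the current policy and the browser will block the immediate-hydration call. Nothing in either hunk guards against or documents that, and the usual workaround of relaxing the policy would undo what this change is for. I would add `# NOTE: nonce is per-request; markup containing it must not be served from a cache` above both assignments, or emit the script outside any cached region. Attaching the nonce also makes `escape_javascript` the only barrier for the interpolated `dom_id` and `store_name` under a strict policy, so that escaping deserves a test. Both enclosing methods begin and end outside the hunks.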
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ReactOnRails
4
- VERSION = "16.4.0.rc.0"
4
+ VERSION = "16.4.0.rc.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: react_on_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 16.4.0.rc.0
4
+ version: 16.4.0.rc.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Gordon
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2026-02-11 00:00:00.000000000 Z
11
+ date: 2026-02-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: addressable