feat: add `link` and `script` tag helpers by SimenB · Pull Request #1914 · resque/resque

SimenB · 2025-04-10T07:25:32Z

These can be overridden by consumers to add e.g. nonce.

In our config/resque.rb I've added the following

module Resque
  module ServerHelper
    def script_tag(src)
      base = "<script src=\"#{url_path(src)}\" type=\"text/javascript\"></script>"

      request = ActionDispatch::Request.new(env)

      nonce = request.content_security_policy_nonce

      return base unless nonce

      base.gsub(/><\/script>$/, " nonce=\"#{nonce}\"></script>")
    end

    def link_tag(src)
      base = "<link href=\"#{url_path(src)}\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\">"

      request = ActionDispatch::Request.new(env)

      nonce = request.content_security_policy_nonce

      return base unless nonce

      base.gsub(/">$/, "\" nonce=\"#{nonce}\">")
    end
  end
end

And with that, the CSP errors are gone 🥳

(Note that I am by no means a ruby/rails/sinatra/rack expert, but this works. Happy to change approach if there are better ways to go about this. I'd like to avoid having to maintain a fork, tho)

Fixes #1897

These can be overridden by consumers to add e.g. `nonce`

PatrickTulskie

I think this is okay. Just two formatting suggestions to make things a little easier to read.

If you can update your PR in the next day, I should be able to sneak this into 3.0.

lib/resque/server_helper.rb

Co-authored-by: patrick tulskie <PatrickTulskie@users.noreply.github.com>

SimenB · 2025-12-23T09:21:18Z

@PatrickTulskie I updated btw - dunno if an email fires when I accept suggestions 😅

SimenB · 2026-01-12T10:54:26Z

Merged in master now, if that helps 😀

SimenB · 2026-03-02T10:00:43Z

@PatrickTulskie hey any chance this can land now that v3 is out the door? 🙂

feat: add link and script tag helpers

4146e01

These can be overridden by consumers to add e.g. `nonce`

SimenB force-pushed the nonce branch from 5096adb to 4146e01 Compare April 10, 2025 13:04

SimenB mentioned this pull request Apr 14, 2025

Overview UI Broken Due to Nonce Whitelist #1897

Open

PatrickTulskie requested changes Nov 29, 2025

View reviewed changes

lib/resque/server_helper.rb Outdated Show resolved Hide resolved

lib/resque/server_helper.rb 8000 Outdated Show resolved Hide resolved

SimenB and others added 2 commits November 29, 2025 23:17

Update lib/resque/server_helper.rb

afd96fe

Co-authored-by: patrick tulskie <PatrickTulskie@users.noreply.github.com>

Update lib/resque/server_helper.rb

fb3ade9

Co-authored-by: patrick tulskie <PatrickTulskie@users.noreply.github.com>

Merge remote-tracking branch 'upstream/master' into nonce

4104757

Merge remote-tracking branch 'upstream/master' into nonce

7214c92

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: add `link` and `script` tag helpers#1914

feat: add `link` and `script` tag helpers#1914
SimenB wants to merge 5 commits intoresque:masterfrom
cvpartner:nonce

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants