Switch to using rails builtin content security policy support

[rails.git] / app / views / layouts / _head.html.erb

diff --git a/app/views/layouts/_head.html.erb b/app/views/layouts/_head.html.erb
index 34046bcab85ecac58481bfb6d0dcaf07911697b6..3c691612ab1d4c37ec1ad7a0f8c001b334e50272 100644 (file)
--- a/app/views/layouts/_head.html.erb
+++ b/app/views/layouts/_head.html.erb
@@ -2,6 +2,7 @@
   <meta http-equiv="X-UA-Compatible" content="IE=edge" />
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <%= javascript_include_tag "es6" unless browser.es6? %>
+  <%= javascript_include_tag "turbo", :type => "module" %>
   <%= javascript_include_tag "application" %>
   <%= javascript_include_tag "i18n/#{I18n.locale}" %>
   <%= stylesheet_link_tag "screen-#{dir}", :media => "screen" %>
@@ -11,6 +12,6 @@
   <%= yield :head %>
   <%= yield :auto_discovery_link_tag %>
   <%= csrf_meta_tag %>
-  <meta name="csp-nonce" content="<%= content_security_policy_style_nonce %>" />
+  <%= csp_meta_tag %>
   <title><%= "#{@title} | " if @title %><%= t "layouts.project_name.title" %></title>
 <% end %>