Method conflicting `content_security_policy_nonce` with Rails 5.2

[phuongvu]

Bugs

When using content_security_policy_nonce(:script) inline in erb, I got the below error:

ActionView::Template::Error: wrong number of arguments (given 1, expected 0)

Looks like in secure_headers' content_security_policy_nonce(:script) is conflicting with Rails' content_security_policy_nonce, which does not take any param, refer to http://edgeapi.rubyonrails.org/classes/ActionDispatch/ContentSecurityPolicy/Request.html#method-i-content_security_policy_nonce

Also in my list of middlewares, I see ActionDispatch::ContentSecurityPolicy::Middleware inserted right after SecureHeaders::Middleware, something like this:

$ bin/rails middleware
...
use SecureHeaders::Middleware
...
use ActionDispatch::ContentSecurityPolicy::Middleware
...

Expected outcome

Expected content_security_policy_nonce(:script) should work as described in https://github.com/twitter/secure_headers/blob/v5.0.5/lib/secure_headers/view_helper.rb#L69-L76

Actual outcome

Rails' content_security_policy_nonce was called

[jacobbednarz]

Hi @phuongvu and thanks for the report!

A very similar issue has already been addressed in #389 where the Rails defined content_security_policy_nonce was interfering with the secure_headers defined method. If I'm reading that issue correctly the method you're using in your ERB templates is actually intended as a private API (despite it's documentation) and you should swap over to the nonced_*_tag template helpers instead.

[phuongvu]

🙏 Awesome! I got it working with content_security_policy_script_nonce

Closing this issue as it is fixed!