Using .js.erb

Rails Configuration

If you’re on Rails 5.2+ , make sure to enable the following lines in your config/initializers/content_security_policy.rb:

# config/initializers/content_security_policy.rb

# If you are using UJS then enable automatic nonce generation
Rails.application.config.content_security_policy_nonce_generator = -> (request) { SecureRandom.base64(16) }

# Set the nonce only to specific directives
Rails.application.config.content_security_policy_nonce_directives = %w(script-src)

These lines inject a Nonce directive to allow injected scripts to be run.

JavaScript Configuration

In your entrypoint file, (usually app/javascript/application.js), import both mrujs and the .js.erb plugin like so:

import mrujs from "mrujs"
import { JsErb } from "mrujs/plugins"

  plugins: [

Final Disclosure

.js.erb is considered “Deprecated” as of Rails 7. This plugin exists as a way to help with migration, but is strongly discouraged for new projects. For more information, feel free to read the following from DHH: