module Propshaft::Helper
Helper module that provides asset path resolution and integrity support for Rails applications.
This module extends Rails’ built-in asset helpers with additional functionality:
-
Subresource Integrity (SRI) support for enhanced security
-
Bulk stylesheet inclusion with :all and :app options
-
Assetpath resolution with proper error handling
Subresource Integrity (SRI) Support
SRI helps protect against malicious modifications of assets by ensuring that resources fetched from CDNs or other sources haven’t been tampered with.
SRI is automatically enabled in secure contexts (HTTPS or local development) when the ‘integrity’ option is set to true:
<%= stylesheet_link_tag "application", integrity: true %> <%= javascript_include_tag "application", integrity: true %>
This will generate integrity hashes and include them in the HTML:
<link rel="stylesheet" href="/assets/application-abc123.css"
integrity="sha256-xyz789...">
<script src="/assets/application-def456.js"
integrity="sha256-uvw012..."></script>
Bulk Stylesheet Inclusion
The stylesheet_link_tag helper supports special symbols for bulk inclusion:
-
:all - includes all CSS files found in the load path
-
:app - includes only CSS files from app/assets/*/.css
<%=
stylesheet_link_tag:all %> # All stylesheets <%=stylesheet_link_tag:app %> # Only app stylesheets
Public Instance Methods
Source
# File lib/propshaft/helper.rb, line 107 def all_stylesheets_paths Rails.application.assets.load_path.asset_paths_by_type("css") end
Returns a sorted and unique array of logical paths for all stylesheets in the load path.
Source
# File lib/propshaft/helper.rb, line 112 def app_stylesheets_paths Rails.application.assets.load_path.asset_paths_by_glob("#{Rails.root.join("app/assets")}/**/*.css") end
Returns a sorted and unique array of logical paths for all stylesheets in app/assets/*/.css.
Source
# File lib/propshaft/helper.rb, line 43 def asset_integrity(path, options = {}) path = _path_with_extname(path, options) Rails.application.assets.resolver.integrity(path) end
Computes the Subresource Integrity (SRI) hash for the given asset path.
This method generates a cryptographic hash of the asset content that can be used to verify the integrity of the resource when it’s loaded by the browser.
asset_integrity("application.css") # => "sha256-xyz789abcdef..."
Source
# File lib/propshaft/helper.rb, line 49 def compute_asset_path(path, options = {}) Rails.application.assets.resolver.resolve(path) || raise(MissingAssetError.new(path)) end
Resolves the full path for an asset, raising an error if not found.
Source
# File lib/propshaft/helper.rb, line 100 def javascript_include_tag(*sources) options = sources.extract_options! _build_asset_tags(sources, options, :javascript) { |source, opts| super(source, opts) } end
Enhanced javascript_include_tag with automatic SRI (Subresource Integrity) support.
This method extends Rails’ built-in javascript_include_tag to automatically generate and include integrity hashes when running in secure contexts.
Options
-
:integrity- Enable SRI hash generation
Examples
javascript_include_tag "application", integrity: true # => <script src="/assets/application-abc123.js" # integrity="sha256-xyz789..."></script>
Source
# File lib/propshaft/helper.rb, line 73 def stylesheet_link_tag(*sources) options = sources.extract_options! case sources.first when :all sources = all_stylesheets_paths when :app sources = app_stylesheets_paths end _build_asset_tags(sources, options, :stylesheet) { |source, opts| super(source, opts) } end
Enhanced stylesheet_link_tag with integrity support and bulk inclusion options.
In addition to the standard Rails functionality, this method supports:
-
Automatic SRI (Subresource Integrity) hash generation in secure contexts
-
Add an option to call
stylesheet_link_tagwith:allto include every css file found on the load path or:appto include css files found inRails.root("app/assets/*/.css"), which will exclude lib/ and plugins.
Options
-
:integrity- Enable SRI hash generation
Examples
stylesheet_link_tag "application", integrity: true # => <link rel="stylesheet" href="/assets/application-abc123.css" # integrity="sha256-xyz789..."> stylesheet_link_tag :all # All stylesheets in load path stylesheet_link_tag :app # Only app/assets stylesheets
Private Instance Methods
Source
# File lib/propshaft/helper.rb, line 135 def _compute_integrity?(options) if _secure_subresource_integrity_context? case options['integrity'] when nil, false, true options.delete('integrity') == true end else options.delete 'integrity' false end end
Determines whether integrity hashes should be computed for assets.
Integrity is only computed in secure contexts (HTTPS or local development) and when explicitly requested via the integrity option.
Source
# File lib/propshaft/helper.rb, line 157 def _path_with_extname(path, options) "#{path}#{compute_asset_extname(path, options)}" end
Ensures the asset path includes the appropriate file extension.
Source
# File lib/propshaft/helper.rb, line 152 def _secure_subresource_integrity_context? respond_to?(:request) && self.request && (self.request.local? || self.request.ssl?) end
Checks if the current context is secure enough for Subresource Integrity.
SRI is only beneficial in secure contexts. Returns true when:
-
The request is made over HTTPS (SSL), OR
-
The request is local (development environment)