From 043279d5bfb92d2d619444a568c882294436c675 Mon Sep 17 00:00:00 2001 From: Richard Venneman Date: Wed, 23 Dec 2020 18:25:18 -0300 Subject: [PATCH] Add Rails CSP example --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2e3d8a7..4f39f10 100644 --- a/README.md +++ b/README.md @@ -325,7 +325,20 @@ CSP support for automatic insertion exposes two namespaces that can be defined b - String CoreExtensions::IntercomRails::AutoInclude.csp_nonce_hook(controller) - nil CoreExtensions::IntercomRails::AutoInclude.csp_sha256_hook(controller, SHA-256 whitelist entry) -For instance, a CSP nonce can be inserted using the [Twitter Secure Headers](https://github.com/twitter/secureheaders) gem with the following code: +For instance, a CSP nonce can be inserted using Rails' (5.2+) built-in [Content Security Policy](https://guides.rubyonrails.org/security.html#content-security-policy) configuration: +```ruby +module CoreExtensions + module IntercomRails + module AutoInclude + def self.csp_nonce_hook(controller) + controller.request.content_security_policy_nonce + end + end + end +end +``` + +Alternatively, use the [Twitter Secure Headers](https://github.com/twitter/secureheaders) gem with the following code: ```ruby module CoreExtensions module IntercomRails
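Review bot: The new Rails example should document that `controller.request.content_security_policy_nonce` only returns a value when a nonce generator has been configured (`config.content_security_policy_nonce_generator` in `config/initializers/content_security_policy.rb`, as described in the Rails guide the hunk links); without it the method returns nil, so the `csp_nonce_hook` contract given two lines above the hunk ("String ... csp_nonce_hook(controller)") is not met and no nonce is emitted, which leaves the injected Intercom script blocked by a nonce-based `script-src`. Suggest adding one sentence after the example along the lines of "This requires `config.content_security_policy_nonce_generator` to be set; otherwise the hook returns nil and no nonce is inserted." It would also help to state that the nonce must actually be applied to the `script-src` directive by the CSP configuration, since the hook only supplies the value. The `@@ -325,7 +325,20 @@` hunk range and the `14 insertions(+), 1 deletion(-)` summary are consistent with the visible lines.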