CSP not working on Turbo Drive content load

# Steps to Reproduce
* Create a new Rails app: $ rails new turbo_csp_problem
* Generate a simple controller: $ rails generate controller Pages home
* activate default content_security_policy
* Add javascript to demonstrate broken CSP - app/views/pages/home.html.erb
```
<a href="/">click</a>

<script>alert('broken CSP')</script>

<%= javascript_tag nonce: true do %>
  alert('alert with nonce')
<% end %>
```

https://github.com/rocket-turtle/turbo_csp_problem/commits/main/

# Expected Behavior
The "injected" `alert` "broken CSP" is never shown

# Actual Behavior
The "injected" `alert` "broken CSP" is shown after the link is clicked and the content is loaded via turbo drive.

# System Configuration
turbo-rails-2.0.17
rails-8.0.3
ruby-3.3.8

----

I also posted this issue in the Turbo gem repository ([hotwired/turbo#1431](https://github.com/hotwired/turbo/issues/1431)), but since no one has responded yet, I’m trying here as well.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CSP not working on Turbo Drive content load #757

Steps to Reproduce

Expected Behavior

Actual Behavior

System Configuration

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CSP not working on Turbo Drive content load #757

Description

Steps to Reproduce

Expected Behavior

Actual Behavior

System Configuration

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions