How to replace render inline: "" for Rails 5.2

Question

This part of an app worked in ruby 2.4.6 and rails 4.2.6:

def refresh_to(url='/', option={})
  if option[:alert]
    ma_log option[:alert]
  end
  render inline: "<script>window.location.replace('#{url}')</script>"
end

But in ruby 2.5 and Rails 5.2, it is not allowed any more. I get this error:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https:". Either the 'unsafe-inline' keyword, a hash ('sha256-myVzA8nG9TALJ+lM9KxIly4S3wxH68o0ybnPpqphBBg='), or a nonce ('nonce-...') is required to enable inline execution.

Solutions to the previous related errors do not work with this.

How can I write or manage the script to let it work with (or replace) render with or without using inline? I am exploring to put a script in /assets/javascript. How do you do this?

Edited.

Refused to execute inline script because it violates the following 
Content Security Policy directive: "script-src 'self' https:". Either 
the 'unsafe-inline' keyword, a hash ('sha256-
myVzA8nG9TALJ+lM9KxIly4S3wxH68o0ybnPpqphBBg='), or a nonce 
('nonce-...') is required to enable inline execution.

From Content Security Protocol, the inline script no longer support. (which happened when upgrade to rails 5.2 all inline (#)script errors). Including inline js embedded like:

      #render inline: "<script>window.location.replace('#{url}')</script>"
      render js: "window.location.replace(\'#{url}\')" 

Error:

ActionController::InvalidCrossOriginRequest at /logout
Security warning: an embedded <script> tag on another site requested 
protected JavaScript. If you know what you're doing, go ahead and 
disable forgery protection on this action to permit cross-origin 
JavaScript embedding.

From: Document about protect_from_forgery(options = {}). Is not work with Rails 5.2 Beta when I included the option in ApplicaitonController as:

class ApplicationController < ActionController::Base
  skip_before_action :refresh_to, raise: false

So: The following kind of inline code need to be rewrite

render inline: "<script>window.location.replace('#{url}')</script>"

I will try and test with a few versions of rails, but if anyone could spare your code, I would appreciated.

Edited.

Another trial by seperat javascript

-Create a /app/assets/javascript/refresh.js

function refresh() {
  window.location.replace('/')
}

-In controller method use render js: "refresh.js"

def refresh_to(url='/', option={})
  if option[:alert]
    ma_log option[:alert]
  end
#render inline: "<script>window.location.replace('#{url}')</script>"
#render js: "window.location.replace(\'#{url}\')" 
render js: "refresh();"

Result: Not work! same error about C.S.P

My last problem: How to pass parameter(url) to refresh.js ?