authorSimon Dawson <spdawson@gmail.com>2017-12-05 07:13:48 +0000
committerJeremy Daer <jeremydaer@gmail.com>2017-12-05 00:13:48 -0700
commit3c442b6df91e291ebbf17f37444414bf5f10fbe6 (patch)
treefc5383bab81a523a42f1b2f352df037ffd35f01d /actionpack/lib/action_dispatch/http
parentc383c4142a1ce3b7bbfa241957cd81f398c91231 (diff)
Fix CSP copy boolean directives (#31326)
Use Object#deep_dup to safely duplicate policy values
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
-rw-r--r--actionpack/lib/action_dispatch/http/content_security_policy.rb6
1 files changed, 1 insertions, 5 deletions
diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index d10d4faf3d..c888a27720 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -110,7 +110,7 @@ module ActionDispatch #:nodoc:
end
def initialize_copy(other)
- @directives = copy_directives(other.directives)
+ @directives = other.directives.deep_dup
end
DIRECTIVES.each do |name, directive|
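Review bot: `deep_dup` on the new line in `initialize_copy` is an Active Support core extension, and the diffstat's single insertion is that line itself, so the commit adds no `require` for it. The top of the file is outside the hunk, so the extension may already be loaded there; if it is not, add `require "active_support/core_ext/object/deep_dup"` so that duplicating a policy cannot raise NoMethodError when Action Dispatch is loaded on its own. A short comment on the assignment would also help, e.g. `# Deep copy so that changes to a copied policy never mutate the original's source lists.`, because that isolation keeps edits to a copy from altering the policy it was copied from.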
@@ -174,10 +174,6 @@ module ActionDispatch #:nodoc:
end
private
- def copy_directives(directives)
- directives.transform_values { |sources| sources.map(&:dup) }
- end
-
def apply_mappings(sources)
sources.map do |source|
case source