authorAndrew White <andrew.white@unboxed.co>2018-02-19 12:00:29 +0000
committerAndrew White <andrew.white@unboxed.co>2018-02-19 12:00:29 +0000
commit52a1f1c226c2238e16d1a4d32faa8d1e6a36a26f (patch)
tree7c222df8b38bdd3cb285c95b0dd067ed9c63ae1b /actionpack
parentf712ef27c55fc4210a722d447e05271adef1e57f (diff)
Revert "Merge pull request #32045 from eagletmt/skip-csp-header"
This reverts commit 86f7c269073a3a9e6ddec9b957deaa2716f2627d, reversing changes made to 5ece2e4a4459065b5efd976aebd209bbf0cab89b. If a policy is set then we should generate it even if it's empty. However what is happening is that we're accidentally generating an empty policy when the initializer is commented out by default.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/http/content_security_policy.rb12
-rw-r--r--actionpack/test/dispatch/content_security_policy_test.rb22
2 files changed, 4 insertions, 30 deletions
diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index 160c345361..4883e23d24 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -21,10 +21,7 @@ module ActionDispatch #:nodoc:
return response if policy_present?(headers)
if policy = request.content_security_policy
- built_policy = policy.build(request.controller_instance)
- if built_policy
- headers[header_name(request)] = built_policy
- end
+ headers[header_name(request)] = policy.build(request.controller_instance)
end
response
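Review bot: With the nil guard removed, a configured policy that has no directives is now sent as a header whose value is just `;` (see `build` in the second hunk). That value applies no restrictions, yet the response looks protected to anyone who checks only for the header's presence. The commit message names the real problem as an empty policy being created when the initializer is commented out, and nothing in the visible actionpack changes addresses it, so default-configured apps would presumably keep sending this header until that is fixed elsewhere. I would add a comment above the assignment, for example `# A configured policy is always emitted, even when empty (";"); an empty policy applies no restrictions.` The enclosing method starts and ends outside the hunk.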
@@ -175,12 +172,7 @@ module ActionDispatch #:nodoc:
end
def build(context = nil)
- built_directives = build_directives(context).compact
- if built_directives.empty?
- nil
- else
- built_directives.join("; ") + ";"
- end
+ build_directives(context).compact.join("; ") + ";"
end
private
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb
index cfec81eeae..7c4a65a633 100644
--- a/actionpack/test/dispatch/content_security_policy_test.rb
+++ b/actionpack/test/dispatch/content_security_policy_test.rb
@@ -8,7 +8,7 @@ class ContentSecurityPolicyTest < ActiveSupport::TestCase
end
def test_build
- assert_nil @policy.build
+ assert_equal ";", @policy.build
@policy.script_src :self
assert_equal "script-src 'self';", @policy.build
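Review bot: This unit assertion is the only check left on the empty-policy behaviour. The integration test that covered the header for an empty policy is deleted further down rather than inverted, so nothing verifies what the middleware actually sends in that case. Consider keeping the `/empty-policy` route and `EMPTY_POLICY`, and changing the test to `assert_equal ";", response.headers["Content-Security-Policy"]`. That would make any later change to the header for empty policies show up as a test failure. `test_build` continues past the end of the hunk.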
@@ -271,10 +271,6 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
head :ok
end
- def empty_policy
- head :ok
- end
-
private
def condition?
params[:condition] == "true"
@@ -288,14 +284,12 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
get "/inline", to: "policy#inline"
get "/conditional", to: "policy#conditional"
get "/report-only", to: "policy#report_only"
- get "/empty-policy", to: "policy#empty_policy"
end
end
POLICY = ActionDispatch::ContentSecurityPolicy.new do |p|
p.default_src :self
end
- EMPTY_POLICY = ActionDispatch::ContentSecurityPolicy.new
class PolicyConfigMiddleware
def initialize(app)
@@ -303,12 +297,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
end
def call(env)
- env["action_dispatch.content_security_policy"] =
- if env["PATH_INFO"] == "/empty-policy"
- EMPTY_POLICY
- else
- POLICY
- end
+ env["action_dispatch.content_security_policy"] = POLICY
env["action_dispatch.content_security_policy_report_only"] = false
env["action_dispatch.show_exceptions"] = false
@@ -348,13 +337,6 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest
assert_policy "default-src 'self'; report-uri /violations;", report_only: true
end
- def test_empty_policy
- get "/empty-policy"
- assert_response :success
- assert_not response.headers.key?("Content-Security-Policy")
- assert_not response.headers.key?("Content-Security-Policy-Report-Only")
- end
-
private
def env_config