Don't accidentally create an empty CSP

Setting up the request environment was accidentally creating a CSP as a consequence of accessing the option - only set the instance variable if a block is passed.
author: Andrew White <andrew.white@unboxed.co> 2018-02-19 12:17:51 +0000
committer: Andrew White <andrew.white@unboxed.co> 2018-02-19 12:17:51 +0000
commit: 57f9c36387f371cfb791aa660c733e9690443d04 (patch)
tree: 3598add85e49a8e6f40c5e5c8130b4e331c27889 /railties/lib
parent: 52a1f1c226c2238e16d1a4d32faa8d1e6a36a26f (diff)
download: rails-57f9c36387f371cfb791aa660c733e9690443d04.tar.gz
rails-57f9c36387f371cfb791aa660c733e9690443d04.tar.bz2
rails-57f9c36387f371cfb791aa660c733e9690443d04.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 46ad3557e3..1f765f302c 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -241,7 +241,11 @@ module Rails
       end
 
       def content_security_policy(&block)
-        @content_security_policy ||= ActionDispatch::ContentSecurityPolicy.new(&block)
+        if block_given?
+          @content_security_policy = ActionDispatch::ContentSecurityPolicy.new(&block)
+        else
+          @content_security_policy
+        end
       end
 
       class Custom #:nodoc:
author	Andrew White <andrew.white@unboxed.co>	2018-02-19 12:17:51 +0000
committer	Andrew White <andrew.white@unboxed.co>	2018-02-19 12:17:51 +0000
commit	57f9c36387f371cfb791aa660c733e9690443d04 (patch)
tree	3598add85e49a8e6f40c5e5c8130b4e331c27889 /railties/lib
parent	52a1f1c226c2238e16d1a4d32faa8d1e6a36a26f (diff)
download	rails-57f9c36387f371cfb791aa660c733e9690443d04.tar.gz rails-57f9c36387f371cfb791aa660c733e9690443d04.tar.bz2 rails-57f9c36387f371cfb791aa660c733e9690443d04.zip