Remove Content-Security-Policy initializer in API-only Applications

Since `ContentSecurityPolicy::Middleware` is not loaded in API-only
Applications, initializer is unnecessary.
Ref: https://github.com/rails/rails/blob/9c10fec4c06da38f8975dfb851f4d899aa85f8b7/railties/lib/rails/application/default_middleware_stack.rb#L66..L68

1 files changed, 6 insertions, 0 deletions

diff --git a/railties/lib/rails/generators/rails/app/app_generator.rb b/railties/lib/rails/generators/rails/app/app_generator.rb
index 1fdfc3ca52..874bd772c7 100644
--- a/railties/lib/rails/generators/rails/app/app_generator.rb
+++ b/railties/lib/rails/generators/rails/app/app_generator.rb
@@ -128,6 +128,7 @@ module Rails
       active_storage_config_exist    = File.exist?("config/storage.yml")
       rack_cors_config_exist         = File.exist?("config/initializers/cors.rb")
       assets_config_exist            = File.exist?("config/initializers/assets.rb")
+      csp_config_exist               = File.exist?("config/initializers/content_security_policy.rb")
 
       config
 
@@ -155,6 +156,10 @@ module Rails
         unless assets_config_exist
           remove_file "config/initializers/assets.rb"
         end
+
+        unless csp_config_exist
+          remove_file "config/initializers/content_security_policy.rb"
+        end
       end
     end
 
@@ -432,6 +437,7 @@ module Rails
       def delete_non_api_initializers_if_api_option
         if options[:api]
           remove_file "config/initializers/cookies_serializer.rb"
+          remove_file "config/initializers/content_security_policy.rb"
         end
       end