Remove trailing semi-colon from CSP

Although the spec[1] is defined in such a way that a trailing semi-colon is valid it also doesn't allow a semi-colon by itself to indicate an empty policy. Therefore it's easier (and valid) just to omit it rather than to detect whether the policy is empty or not. [1]: https://www.w3.org/TR/CSP2/#policy-syntax
author: Andrew White <andrew.white@unboxed.co> 2018-02-19 12:20:43 +0000
committer: Andrew White <andrew.white@unboxed.co> 2018-02-19 12:20:43 +0000
commit: d85283cc42b1a965944047a2f602153804126f77 (patch)
tree: bfb9986bff4ddf92aad7c973f31e78f0ed0be293 /railties/test/application
parent: 57f9c36387f371cfb791aa660c733e9690443d04 (diff)
download: rails-d85283cc42b1a965944047a2f602153804126f77.tar.gz
rails-d85283cc42b1a965944047a2f602153804126f77.tar.bz2
rails-d85283cc42b1a965944047a2f602153804126f77.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/railties/test/application/content_security_policy_test.rb b/railties/test/application/content_security_policy_test.rb
index 43f2b333f3..0d28df16f8 100644
--- a/railties/test/application/content_security_policy_test.rb
+++ b/railties/test/application/content_security_policy_test.rb
@@ -60,7 +60,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy ";"
+      assert_policy ""
     end
 
     test "global content security policy in an initializer" do
@@ -87,7 +87,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy "default-src 'self' https:;"
+      assert_policy "default-src 'self' https:"
     end
 
     test "global report only content security policy in an initializer" do
@@ -116,7 +116,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy "default-src 'self' https:;", report_only: true
+      assert_policy "default-src 'self' https:", report_only: true
     end
 
     test "override content security policy in a controller" do
@@ -147,7 +147,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy "default-src https://example.com;"
+      assert_policy "default-src https://example.com"
     end
 
     test "override content security policy to report only in a controller" do
@@ -176,7 +176,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy "default-src 'self' https:;", report_only: true
+      assert_policy "default-src 'self' https:", report_only: true
     end
 
     test "global content security policy added to rack app" do
@@ -200,7 +200,7 @@ module ApplicationTests
       app("development")
 
       get "/"
-      assert_policy "default-src 'self' https:;"
+      assert_policy "default-src 'self' https:"
     end
 
     private
author	Andrew White <andrew.white@unboxed.co>	2018-02-19 12:20:43 +0000
committer	Andrew White <andrew.white@unboxed.co>	2018-02-19 12:20:43 +0000
commit	d85283cc42b1a965944047a2f602153804126f77 (patch)
tree	bfb9986bff4ddf92aad7c973f31e78f0ed0be293 /railties/test/application
parent	57f9c36387f371cfb791aa660c733e9690443d04 (diff)
download	rails-d85283cc42b1a965944047a2f602153804126f77.tar.gz rails-d85283cc42b1a965944047a2f602153804126f77.tar.bz2 rails-d85283cc42b1a965944047a2f602153804126f77.zip