Always yield a CSP policy instance

If the app has the CSP disabled globally allow a controller action to enable the policy for that request.
author: Andrew White <andrew.white@unboxed.co> 2018-03-08 14:14:09 +0000
committer: Andrew White <andrew.white@unboxed.co> 2018-03-08 14:14:09 +0000
commit: 190744cd8ed014915803fa805996be04dc750d9d (patch)
tree: 66aca1907aac710c55e710f91392f40c49472b1d /railties
parent: af406a753c59266c61e9ebcd0f131fdc6533a124 (diff)
download: rails-190744cd8ed014915803fa805996be04dc750d9d.tar.gz
rails-190744cd8ed014915803fa805996be04dc750d9d.tar.bz2
rails-190744cd8ed014915803fa805996be04dc750d9d.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/railties/lib/rails/application_controller.rb b/railties/lib/rails/application_controller.rb
index 39f7791c18..b3fe822218 100644
--- a/railties/lib/rails/application_controller.rb
+++ b/railties/lib/rails/application_controller.rb
@@ -7,10 +7,8 @@ class Rails::ApplicationController < ActionController::Base # :nodoc:
   before_action :disable_content_security_policy_nonce!
 
   content_security_policy do |policy|
-    if policy
-      policy.script_src :unsafe_inline
-      policy.style_src :unsafe_inline
-    end
+    policy.script_src :unsafe_inline
+    policy.style_src :unsafe_inline
   end
 
   private
author	Andrew White <andrew.white@unboxed.co>	2018-03-08 14:14:09 +0000
committer	Andrew White <andrew.white@unboxed.co>	2018-03-08 14:14:09 +0000
commit	190744cd8ed014915803fa805996be04dc750d9d (patch)
tree	66aca1907aac710c55e710f91392f40c49472b1d /railties
parent	af406a753c59266c61e9ebcd0f131fdc6533a124 (diff)
download	rails-190744cd8ed014915803fa805996be04dc750d9d.tar.gz rails-190744cd8ed014915803fa805996be04dc750d9d.tar.bz2 rails-190744cd8ed014915803fa805996be04dc750d9d.zip