diff options
| author | Kohei Suzuki <eagletmt@gmail.com> | 2018-02-18 21:36:59 +0900 |
|---|---|---|
| committer | Kohei Suzuki <eagletmt@gmail.com> | 2018-02-18 23:45:57 +0900 |
| commit | 53d863d4bbfe279e00433ef3672b040e2e6ef267 (patch) | |
| tree | 6f059261f4f1a437f07ac038fe5857fdf8e7be76 /railties | |
| parent | 099a28bbecb5b6fdabcae261d22c424f67a21601 (diff) | |
| download | rails-53d863d4bbfe279e00433ef3672b040e2e6ef267.tar.gz rails-53d863d4bbfe279e00433ef3672b040e2e6ef267.tar.bz2 rails-53d863d4bbfe279e00433ef3672b040e2e6ef267.zip | |
Skip generating empty CSP header when no policy is configured
`Rails.application.config.content_security_policy` is configured with no
policies by default. In this case, Content-Security-Policy header should
not be generated instead of generating the header with no directives.
Firefox also warns "Content Security Policy: Couldn't process unknown
directive ''".
Diffstat (limited to 'railties')
| -rw-r--r-- | railties/test/application/content_security_policy_test.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/test/application/content_security_policy_test.rb b/railties/test/application/content_security_policy_test.rb index 97f2957c33..1539bf4440 100644 --- a/railties/test/application/content_security_policy_test.rb +++ b/railties/test/application/content_security_policy_test.rb @@ -34,7 +34,7 @@ module ApplicationTests app("development") get "/" - assert_equal ";", last_response.headers["Content-Security-Policy"] + assert_not last_response.headers.key?("Content-Security-Policy") end test "global content security policy in an initializer" do |