Diffstat (limited to 'actionpack/test/dispatch')
-rw-r--r-- | actionpack/test/dispatch/content_security_policy_test.rb | 82 | ||||
-rw-r--r-- | actionpack/test/dispatch/routing/inspector_test.rb | 50 |
2 files changed, 99 insertions, 33 deletions
diff --git a/actionpack/test/dispatch/content_security_policy_test.rb b/actionpack/test/dispatch/content_security_policy_test.rb index b88f90190a..f133aae865 100644 --- a/actionpack/test/dispatch/content_security_policy_test.rb +++ b/actionpack/test/dispatch/content_security_policy_test.rb @@ -258,6 +258,8 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest p.script_src :self end + content_security_policy(false, only: :no_policy) + content_security_policy_report_only only: :report_only def index @@ -280,6 +282,10 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest head :ok end + def no_policy + head :ok + end + private def condition? params[:condition] == "true" @@ -294,6 +300,7 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest get "/conditional", to: "policy#conditional" get "/report-only", to: "policy#report_only" get "/script-src", to: "policy#script_src" + get "/no-policy", to: "policy#no_policy" end end @@ -353,19 +360,14 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest assert_policy "script-src 'self' 'nonce-iyhD0Yc0W+c='" end - private - - def env_config - Rails.application.env_config - end + def test_generates_no_content_security_policy + get "/no-policy" - def content_security_policy - env_config["action_dispatch.content_security_policy"] - end + assert_nil response.headers["Content-Security-Policy"] + assert_nil response.headers["Content-Security-Policy-Report-Only"] + end - def content_security_policy=(policy) - env_config["action_dispatch.content_security_policy"] = policy - end + private def assert_policy(expected, report_only: false) assert_response :success 
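Review bot: test_generates_no_content_security_policy only asserts that the two CSP headers are absent after `get "/no-policy"`, so it would also pass on a non-2xx response where the controller's policy handling was never exercised; the assert_policy helper further down the same hunk checks `assert_response :success` before it inspects headers. Add `assert_response :success` as the first line after the request so the nil checks prove the no-policy path rather than an error path. The removed env_config helpers are not re-suggested. The assert_policy definition continues past the end of the hunk.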
@@ -382,3 +384,61 @@ class ContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest assert_equal expected, response.headers[expected_header] end end + +class DisabledContentSecurityPolicyIntegrationTest < ActionDispatch::IntegrationTest + class PolicyController < ActionController::Base + content_security_policy only: :inline do |p| + p.default_src "https://example.com" + end + + def index + head :ok + end + + def inline + head :ok + end + end + + ROUTES = ActionDispatch::Routing::RouteSet.new + ROUTES.draw do + scope module: "disabled_content_security_policy_integration_test" do + get "/", to: "policy#index" + get "/inline", to: "policy#inline" + end + end + + class PolicyConfigMiddleware + def initialize(app) + @app = app + end + + def call(env) + env["action_dispatch.content_security_policy"] = nil + env["action_dispatch.content_security_policy_nonce_generator"] = nil + env["action_dispatch.content_security_policy_report_only"] = false + env["action_dispatch.show_exceptions"] = false + + @app.call(env) + end + end + + APP = build_app(ROUTES) do |middleware| + middleware.use PolicyConfigMiddleware + middleware.use ActionDispatch::ContentSecurityPolicy::Middleware + end + + def app + APP + end + + def test_generates_no_content_security_policy_by_default + get "/" + assert_nil response.headers["Content-Security-Policy"] + end + + def test_generates_content_security_policy_header_when_globally_disabled + get "/inline" + assert_equal "default-src https://example.com", response.headers["Content-Security-Policy"] + end +end diff --git a/actionpack/test/dispatch/routing/inspector_test.rb b/actionpack/test/dispatch/routing/inspector_test.rb index 127212b228..9150d5010b 100644 --- a/actionpack/test/dispatch/routing/inspector_test.rb +++ b/actionpack/test/dispatch/routing/inspector_test.rb @@ -3,6 +3,7 @@ require "abstract_unit" require "rails/engine" require "action_dispatch/routing/inspector" +require "io/console/size" class MountedRackApp def self.call(env) 
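Review bot: Both tests in DisabledContentSecurityPolicyIntegrationTest read the Content-Security-Policy header without first asserting the response status, so `assert_nil response.headers["Content-Security-Policy"]` in test_generates_no_content_security_policy_by_default also passes on an error response; add `assert_response :success` after each `get`, and consider asserting that `Content-Security-Policy-Report-Only` is nil in the by-default test too, as the parallel test in ContentSecurityPolicyIntegrationTest does. PolicyConfigMiddleware's purpose (clearing the app-level policy env keys so only the controller's own policy can apply) is inferable only from the test names; a one-line comment above the class would help, e.g. `# Clears the app-level CSP env keys so only the controller's own content_security_policy applies.`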
@@ -15,16 +16,10 @@ end module ActionDispatch module Routing class RoutesInspectorTest < ActiveSupport::TestCase - def setup + setup do @set = ActionDispatch::Routing::RouteSet.new end - def draw(options = nil, formater = ActionDispatch::Routing::ConsoleFormatter::Sheet.new, &block) - @set.draw(&block) - inspector = ActionDispatch::Routing::RoutesInspector.new(@set.routes) - inspector.format(formater, options).split("\n") - end - def test_displaying_routes_for_engines engine = Class.new(Rails::Engine) do def self.inspect @@ -305,7 +300,7 @@ module ActionDispatch end def test_routes_can_be_filtered - output = draw("posts") do + output = draw(grep: "posts") do resources :articles resources :posts end @@ -322,6 +317,9 @@ module ActionDispatch end def test_routes_when_expanded + previous_console_winsize = IO.console.winsize + IO.console.winsize = [0, 23] + engine = Class.new(Rails::Engine) do def self.inspect "Blog::Engine" 
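Review bot: `IO.console.winsize` in test_routes_when_expanded raises NoMethodError when the process has no controlling terminal, because `IO.console` returns nil in that case (typical for CI runners and piped test output), so the test errors instead of running; the restore in the `ensure` clause of the following hunk has the same problem. Guard the test with `skip "requires a console" unless IO.console` before reading the previous size, or derive the width without resizing the real console. Resizing the console is also process-global state, so tests running in parallel threads would observe the narrowed width until `ensure` restores it. The method body continues in the next hunk.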
@@ -331,50 +329,51 @@ module ActionDispatch get "/cart", to: "cart#show" end - output = draw(nil, ActionDispatch::Routing::ConsoleFormatter::Expanded.new) do + output = draw(formatter: ActionDispatch::Routing::ConsoleFormatter::Expanded.new) do get "/custom/assets", to: "custom_assets#show" get "/custom/furnitures", to: "custom_furnitures#show" mount engine => "/blog", :as => "blog" end - assert_equal ["--[ Route 1 ]------------------------------------------------------------", + assert_equal ["--[ Route 1 ]----------", "Prefix | custom_assets", "Verb | GET", "URI | /custom/assets(.:format)", "Controller#Action | custom_assets#show", - "--[ Route 2 ]------------------------------------------------------------", + "--[ Route 2 ]----------", "Prefix | custom_furnitures", "Verb | GET", "URI | /custom/furnitures(.:format)", "Controller#Action | custom_furnitures#show", - "--[ Route 3 ]------------------------------------------------------------", + "--[ Route 3 ]----------", "Prefix | blog", "Verb | ", "URI | /blog", "Controller#Action | Blog::Engine", "", "[ Routes for Blog::Engine ]", - "--[ Route 1 ]------------------------------------------------------------", + "--[ Route 1 ]----------", "Prefix | cart", "Verb | GET", "URI | /cart(.:format)", "Controller#Action | cart#show"], output + ensure + IO.console.winsize = previous_console_winsize end - def test_no_routes_matched_filter_when_expanded - output = draw("rails/dummy", ActionDispatch::Routing::ConsoleFormatter::Expanded.new) do + output = draw(grep: "rails/dummy", formatter: ActionDispatch::Routing::ConsoleFormatter::Expanded.new) do get "photos/:id" => "photos#show", :id => /[A-Z]\d{5}/ end assert_equal [ - "No routes were found for this controller", + "No routes were found for this grep pattern.", "For more information about routes, see the Rails guide: http://guides.rubyonrails.org/routing.html." 
], output end def test_not_routes_when_expanded - output = draw("rails/dummy", ActionDispatch::Routing::ConsoleFormatter::Expanded.new) {} + output = draw(grep: "rails/dummy", formatter: ActionDispatch::Routing::ConsoleFormatter::Expanded.new) {} assert_equal [ "You don't have any routes defined!", @@ -386,7 +385,7 @@ module ActionDispatch end def test_routes_can_be_filtered_with_namespaced_controllers - output = draw("admin/posts") do + output = draw(grep: "admin/posts") do resources :articles namespace :admin do resources :posts @@ -434,24 +433,24 @@ module ActionDispatch end assert_equal [ - "No routes were found for this controller", + "No routes were found for this controller.", "For more information about routes, see the Rails guide: http://guides.rubyonrails.org/routing.html." ], output end def test_no_routes_matched_filter - output = draw("rails/dummy") do + output = draw(grep: "rails/dummy") do get "photos/:id" => "photos#show", :id => /[A-Z]\d{5}/ end assert_equal [ - "No routes were found for this controller", + "No routes were found for this grep pattern.", "For more information about routes, see the Rails guide: http://guides.rubyonrails.org/routing.html." ], output end def test_no_routes_were_defined - output = draw("Rails::DummyController") {} + output = draw(grep: "Rails::DummyController") {} assert_equal [ "You don't have any routes defined!", @@ -484,6 +483,13 @@ module ActionDispatch "custom_assets GET /custom/assets(.:format) custom_assets#show", ], output end + + private + def draw(formatter: ActionDispatch::Routing::ConsoleFormatter::Sheet.new, **options, &block) + @set.draw(&block) + inspector = ActionDispatch::Routing::RoutesInspector.new(@set.routes) + inspector.format(formatter, options).split("\n") + end end end end |
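Review bot: The blank line separating the `end` of test_routes_when_expanded from `def test_no_routes_matched_filter_when_expanded` appears to have been dropped along with the `ensure` addition (the lone removed line directly after `end`), leaving the two test methods butted together; restore the empty line between them, as every other method in the file keeps one. The hunk's counts (50 old, 51 new) are consistent with two added lines and one removed line besides the changed pairs, so this looks accidental rather than intended.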
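Review bot: The relocated draw helper now passes `options` to `RoutesInspector#format` as a Hash (`{}` when no keyword is given) where the removed version passed `nil` by default, so the formatter must accept an empty hash in that position; this is presumably what the new `grep:` keyword expects, but it is worth confirming against the inspector's signature since that code is outside this diff. A short comment would also help readers of the test file, e.g. `# Draws the given routes into @set and returns the inspector's formatted output as lines; extra keywords (e.g. grep:) are passed to RoutesInspector#format.`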