From 3c442b6df91e291ebbf17f37444414bf5f10fbe6 Mon Sep 17 00:00:00 2001
From: Simon Dawson <spdawson@gmail.com>
Date: Tue, 5 Dec 2017 07:13:48 +0000
Subject: Fix CSP copy boolean directives (#31326)

Use Object#deep_dup to safely duplicate policy values
---
 actionpack/lib/action_dispatch/http/content_security_policy.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'actionpack/lib/action_dispatch/http/content_security_policy.rb')

diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index d10d4faf3d..c888a27720 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -110,7 +110,7 @@ module ActionDispatch #:nodoc:
     end
 
     def initialize_copy(other)
-      @directives = copy_directives(other.directives)
+      @directives = other.directives.deep_dup
     end
 
     DIRECTIVES.each do |name, directive|
@@ -174,10 +174,6 @@ module ActionDispatch #:nodoc:
     end
 
     private
-      def copy_directives(directives)
-        directives.transform_values { |sources| sources.map(&:dup) }
-      end
-
       def apply_mappings(sources)
         sources.map do |source|
           case source
-- 
cgit v1.2.3


From 7efb4d23c1022108319add6218ae9d9284936ac5 Mon Sep 17 00:00:00 2001
From: "yuuji.yaginuma" <yuuji.yaginuma@gmail.com>
Date: Tue, 5 Dec 2017 18:16:41 +0900
Subject: Add missing require

Follow up of 3c442b6df91e291ebbf17f37444414bf5f10fbe6

Without this require, it will fail when run CSP test alone.
Ref: https://travis-ci.org/rails/rails/jobs/311715758#L2976
---
 actionpack/lib/action_dispatch/http/content_security_policy.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'actionpack/lib/action_dispatch/http/content_security_policy.rb')

diff --git a/actionpack/lib/action_dispatch/http/content_security_policy.rb b/actionpack/lib/action_dispatch/http/content_security_policy.rb
index c888a27720..4883e23d24 100644
--- a/actionpack/lib/action_dispatch/http/content_security_policy.rb
+++ b/actionpack/lib/action_dispatch/http/content_security_policy.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/object/deep_dup"
+
 module ActionDispatch #:nodoc:
   class ContentSecurityPolicy
     class Middleware
-- 
cgit v1.2.3