From 57f9c36387f371cfb791aa660c733e9690443d04 Mon Sep 17 00:00:00 2001
From: Andrew White <andrew.white@unboxed.co>
Date: Mon, 19 Feb 2018 12:17:51 +0000
Subject: Don't accidentally create an empty CSP

Setting up the request environment was accidentally creating a CSP
as a consequence of accessing the option - only set the instance
variable if a block is passed.
---
 railties/lib/rails/application/configuration.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 46ad3557e3..1f765f302c 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -241,7 +241,11 @@ module Rails
       end
 
       def content_security_policy(&block)
-        @content_security_policy ||= ActionDispatch::ContentSecurityPolicy.new(&block)
+        if block_given?
+          @content_security_policy = ActionDispatch::ContentSecurityPolicy.new(&block)
+        else
+          @content_security_policy
+        end
       end
 
       class Custom #:nodoc:
-- 
cgit v1.2.3