From 53d863d4bbfe279e00433ef3672b040e2e6ef267 Mon Sep 17 00:00:00 2001
From: Kohei Suzuki
Date: Sun, 18 Feb 2018 21:36:59 +0900
Subject: Skip generating empty CSP header when no policy is configured

`Rails.application.config.content_security_policy` is configured with no policies by default. In this case, Content-Security-Policy header should not be generated instead of generating the header with no directives. Firefox also warns "Content Security Policy: Couldn't process unknown directive ''".
---
 railties/test/application/content_security_policy_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/test')
diff --git a/railties/test/application/content_security_policy_test.rb b/railties/test/application/content_security_policy_test.rb
index 97f2957c33..1539bf4440 100644
--- a/railties/test/application/content_security_policy_test.rb
+++ b/railties/test/application/content_security_policy_test.rb
@@ -34,7 +34,7 @@ module ApplicationTests
 app("development")
 get "/"
- assert_equal ";", last_response.headers["Content-Security-Policy"]
+ assert_not last_response.headers.key?("Content-Security-Policy")
 end
 test "global content security policy in an initializer" do
-- cgit v1.2.3
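Review bot: The new assertion `assert_not last_response.headers.key?("Content-Security-Policy")` pins only the enforcing header name, so an empty `Content-Security-Policy-Report-Only` header would still pass this test. If the middleware picks the header name from the report-only setting (not visible in this hunk), the same empty-policy case is worth pinning with a second line, `assert_not last_response.headers.key?("Content-Security-Policy-Report-Only")`. A short comment above the assertion, such as `# no policy configured: the header must be absent, not empty`, would also record why absence rather than a value is asserted. The test body starts outside the hunk.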