From d2253115ac2b30f5f7210670af906cebf79cf809 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron@rubyonrails.org>
Date: Tue, 8 Mar 2022 13:23:15 -0800
Subject: [PATCH] Merge pull request #44635 from imtayadeway/tjw/api-csp-i

Generate content security policy for non-HTML responses
---
 lib/action_dispatch/http/content_security_policy.rb | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/lib/action_dispatch/http/content_security_policy.rb b/lib/action_dispatch/http/content_security_policy.rb
index 6f9fb11..a1d0740 100644
--- a/lib/action_dispatch/http/content_security_policy.rb
+++ b/lib/action_dispatch/http/content_security_policy.rb
@@ -17,7 +17,6 @@ module ActionDispatch #:nodoc:
         request = ActionDispatch::Request.new env
         _, headers, _ = response = @app.call(env)
 
-        return response unless html_response?(headers)
         return response if policy_present?(headers)
 
         if policy = request.content_security_policy
@@ -31,12 +30,6 @@ module ActionDispatch #:nodoc:
 
       private
 
-        def html_response?(headers)
-          if content_type = headers[CONTENT_TYPE]
-            content_type =~ /html/
-          end
-        end
-
         def header_name(request)
           if request.content_security_policy_report_only
             POLICY_REPORT_ONLY
-- 
2.27.0