39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From d2253115ac2b30f5f7210670af906cebf79cf809 Mon Sep 17 00:00:00 2001
|
|
From: Aaron Patterson <aaron@rubyonrails.org>
|
|
Date: Tue, 8 Mar 2022 13:23:15 -0800
|
|
Subject: [PATCH] Merge pull request #44635 from imtayadeway/tjw/api-csp-i
|
|
|
|
Generate content security policy for non-HTML responses
|
|
---
|
|
lib/action_dispatch/http/content_security_policy.rb | 7 -------
|
|
1 file changed, 7 deletions(-)
|
|
|
|
diff --git a/lib/action_dispatch/http/content_security_policy.rb b/lib/action_dispatch/http/content_security_policy.rb
|
|
index 6f9fb11..a1d0740 100644
|
|
--- a/lib/action_dispatch/http/content_security_policy.rb
|
|
+++ b/lib/action_dispatch/http/content_security_policy.rb
|
|
@@ -17,7 +17,6 @@ module ActionDispatch #:nodoc:
|
|
request = ActionDispatch::Request.new env
|
|
_, headers, _ = response = @app.call(env)
|
|
|
|
- return response unless html_response?(headers)
|
|
return response if policy_present?(headers)
|
|
|
|
if policy = request.content_security_policy
|
|
@@ -31,12 +30,6 @@ module ActionDispatch #:nodoc:
|
|
|
|
private
|
|
|
|
- def html_response?(headers)
|
|
- if content_type = headers[CONTENT_TYPE]
|
|
- content_type =~ /html/
|
|
- end
|
|
- end
|
|
-
|
|
def header_name(request)
|
|
if request.content_security_policy_report_only
|
|
POLICY_REPORT_ONLY
|
|
--
|
|
2.27.0
|
|
|