Apply mapping to symbols returned from dynamic CSP sources

Previously if a dynamic source returned a symbol such as :self it
would be converted to a string implicity, e.g:

  policy.default_src -> { :self }

would generate the header:

  Content-Security-Policy: default-src self

and now it generates:

  Content-Security-Policy: default-src 'self'

actionpack/CHANGELOG.md

+*   Apply mapping to symbols returned from dynamic CSP sources
+
+    Previously if a dynamic source returned a symbol such as :self it
+    would be converted to a string implicity, e.g:
+
+        policy.default_src -> { :self }
+  
+    would generate the header:
+
+        Content-Security-Policy: default-src self
+
+    and now it generates:
+
+        Content-Security-Policy: default-src 'self'
+
+    *Andrew White*
+
 *   Add `ActionController::Parameters#each_value`.
 
     *Lukáš Zapletal*

actionpack/lib/action_dispatch/http/content_security_policy.rb

@@ -257,7 +257,8 @@ def resolve_source(source, context)
           if context.nil?
             raise RuntimeError, "Missing context for the dynamic content security policy source: #{source.inspect}"
           else
-            context.instance_exec(&source)
+            resolved = context.instance_exec(&source)
+            resolved.is_a?(Symbol) ? apply_mapping(resolved) : resolved
           end
         else
           raise RuntimeError, "Unexpected content security policy source: #{source.inspect}"

actionpack/test/dispatch/content_security_policy_test.rb

@@ -264,8 +264,8 @@ def index
   end
 
   POLICY = ActionDispatch::ContentSecurityPolicy.new do |p|
-    p.default_src :self
-    p.script_src  :https
+    p.default_src -> { :self  }
+    p.script_src  -> { :https }
   end
 
   class PolicyConfigMiddleware