提交 · 52a1f1c226c2238e16d1a4d32faa8d1e6a36a26f · 张重言 / rails

19 2月, 2018 1 次提交

Revert "Merge pull request #32045 from eagletmt/skip-csp-header" · 52a1f1c2

由 Andrew White 提交于 2月 19, 2018

This reverts commit 86f7c269, reversing
changes made to 5ece2e4a.

If a policy is set then we should generate it even if it's empty.
However what is happening is that we're accidentally generating an
empty policy when the initializer is commented out by default.

52a1f1c2

18 2月, 2018 1 次提交

Skip generating empty CSP header when no policy is configured · 53d863d4

由 Kohei Suzuki 提交于 2月 18, 2018

`Rails.application.config.content_security_policy` is configured with no
policies by default. In this case, Content-Security-Policy header should
not be generated instead of generating the header with no directives.
Firefox also warns "Content Security Policy: Couldn't process unknown
directive ''".

53d863d4

05 12月, 2017 1 次提交
- S
  Fix CSP copy boolean directives (#31326) · 3c442b6d
  由 Simon Dawson 提交于 12月 05, 2017
```
Use Object#deep_dup to safely duplicate policy values
```
  3c442b6d
27 11月, 2017 1 次提交
- A
  Add DSL for configuring Content-Security-Policy header · 456c3ffd
  由 Andrew White 提交于 11月 15, 2017
```
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
```
  456c3ffd