Rails force generate to include overwritten CSP file

[molly-yu]

WHY are these changes introduced?

For context:

• issue: Implement default Content-Security-Policy that prevents clickjacking shopify_app#1377
• related PR: Add custom CSP generator template to include frame_ancestors shopify_app#1389

Rails apps published in the App Store require the proper Content Security Policy to be set, specifically the frame_ancestors directive. The change in shopify_app accomplishes this by creating a new CSP configuration template with frame_ancestors included. This requires that when running rails generate ..., the -f flag must be passed in so that we can overwrite the default CSP configuration template (content_security_policy.rb).

WHAT is this pull request doing?

Adds the -f flag to forcibly overwrite the content_security_policy.rb file when generating rails apps.

How to test your changes?

Run shopify app create rails and verify that the app is generated correctly (ideally with the new csp file).

Post-release steps

Update checklist

• I've added a CHANGELOG entry for this PR (if the change is public-facing)
• I've considered possible cross-platform impacts (Mac, Linux, Windows).
• I've left the version number as is (we'll handle incrementing this when releasing).
• I've included any post-release steps in the section above (if needed).

[github-actions]

This PR seems inactive. If it's still relevant, please add a comment saying so. Otherwise, take no action.

→ If there's no activity within a week, then a bot will automatically close this.

Thanks for helping to improve Shopify's dev tooling and experience.