Content-Security-Policy: :self
isn't turned into 'self'
when returned inside an array from a lambda
#44536
Labels
:self
isn't turned into 'self'
when returned inside an array from a lambda
#44536
Steps to reproduce
Sorry, I don't have a lot of time to create actual repro steps, but...
If you do something like this:
Then the
content-security-policy
HTTP header will look like this:Note that it says
self
instead of'self'
.This only happens when you return an array from that lambda. If you return
:self
it works fine. Also moving:self
to outside the lambda (passed directly toframe_ancestors
works as expected.Expected behavior
Actual behavior
System configuration
Rails version: 6.0.4.4 (but I see no diff between the relevant file and
main
)Ruby version: 2.6.8
The text was updated successfully, but these errors were encountered: