there is no reason to deep dup config values since we can assume the …

…configs we are modifying are dups of the originals

lib/secure_headers.rb

@@ -52,8 +52,7 @@ def override_content_security_policy_directives(request, additions)
         config.csp = config.dynamic_csp = {}
       end
 
-      csp = Configuration.deep_copy(config.current_csp)
-      config.dynamic_csp = csp.merge(additions)
+      config.dynamic_csp = config.current_csp.merge(additions)
       override_secure_headers_request_config(request, config)
     end
 
@@ -65,8 +64,7 @@ def override_content_security_policy_directives(request, additions)
     #    script_src: %w(another-host.com)
     def append_content_security_policy_directives(request, additions)
       config = config_for(request)
-      csp = Configuration.deep_copy(config.current_csp)
-      config.dynamic_csp = CSP.combine_policies(csp, additions)
+      config.dynamic_csp = CSP.combine_policies(config.current_csp, additions)
       override_secure_headers_request_config(request, config)
     end