allow CSP reports to be sent when header isn't set by Discourse (#6594)

2024-11-22 08:57:10 -06:00 · 2018-11-14 21:23:29 +00:00 · 2018-11-14 21:23:29 +00:00 · 7bc121a065
commit 7bc121a065
parent 4bac77800a
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/csp_reports_controller.rb
+++ b/app/controllers/csp_reports_controller.rb
@ -30,6 +30,6 @@ class CspReportsController < ApplicationController
  end

  def report_collection_enabled?
-    ContentSecurityPolicy.enabled? && SiteSetting.content_security_policy_collect_reports
+    SiteSetting.content_security_policy_collect_reports
  end
 end
--- a/spec/requests/csp_reports_controller_spec.rb
+++ b/spec/requests/csp_reports_controller_spec.rb
@ -37,7 +37,7 @@ describe CspReportsController do
      SiteSetting.content_security_policy_report_only = false
      SiteSetting.content_security_policy_collect_reports = true
      send_report
-      expect(response.status).to eq(404)
+      expect(response.status).to eq(200)

      SiteSetting.content_security_policy = true
      send_report