Ref T4340. See https://discourse.phabricator-community.org/t/core-exception-during-installation/1193/8.

If we return a response very early during setup, we may not be able to read from the environment yet. Just decline to build a "Content-Security-Policy" header in these cases.

• Faked a preflight error (e.g., safe_mode enabled), restarted apache.
  • Before patch: environment error while generating CSP.
  • After patch: no error.
• Loaded a normal page, observed an normal CSP header.