HomePhabricator

Don't emit Content-Security-Policy when returning a response during preflight…

Description

Don't emit Content-Security-Policy when returning a response during preflight setup checks

Summary:
Ref T4340. See https://discourse.phabricator-community.org/t/core-exception-during-installation/1193/8.

If we return a response very early during setup, we may not be able to read from the environment yet. Just decline to build a "Content-Security-Policy" header in these cases.

Test Plan:

  • Faked a preflight error (e.g., safe_mode enabled), restarted apache.
    • Before patch: environment error while generating CSP.
    • After patch: no error.
  • Loaded a normal page, observed an normal CSP header.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19172