From e18627f542b72b00f8ff58d6026fece67a7e9158 Mon Sep 17 00:00:00 2001
From: Benjamin Neff <benjamin@coding4coffee.ch>
Date: Fri, 28 Oct 2016 23:57:36 +0200
Subject: [PATCH] Suppress deprecation warning: disable csp in report-only mode

---
 Changelog.md                          | 1 +
 config/initializers/secure_headers.rb | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Changelog.md b/Changelog.md
index adfe71c85..fb6e287d7 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -38,6 +38,7 @@ Note: Although this is a minor release, the configuration file changed because t
 * Display error message when aspect membership changes fail [#7132](https://github.com/diaspora/diaspora/pull/7132)
 * Avoid the creation of pod that are none [#7145](https://github.com/diaspora/diaspora/pull/7145)
 * Fixed tag pages with alternate default aspect settings [#7262](https://github.com/diaspora/diaspora/pull/7162)
+* Suppressed CSP related deprecation warnings [#7263](https://github.com/diaspora/diaspora/pull/7163)
 
 ## Features
 * Deleted comments will be removed when loading more comments [#7045](https://github.com/diaspora/diaspora/pull/7045)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index fc4815b7e..84e2415c7 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -43,6 +43,7 @@ SecureHeaders::Configuration.default do |config|
   csp[:report_uri] = [AppConfig.settings.csp.report_uri] if AppConfig.settings.csp.report_uri.present?
 
   if AppConfig.settings.csp.report_only?
+    config.csp = SecureHeaders::OPT_OUT
     config.csp_report_only = csp
   else
     config.csp = csp