add deprecation warning for csp directive values that are procs

oreoshake · oreoshake · commit f46a160bfd17 · 2016-01-05T14:59:18.000-10:00
diff --git a/lib/secure_headers/headers/content_security_policy.rb b/lib/secure_headers/headers/content_security_policy.rb
@@ -137,7 +137,13 @@ def initialize(config=nil, options={})
 
       # Config values can be string, array, or lamdba values
       @config = config.inject({}) do |hash, (key, value)|
-        config_val = value.respond_to?(:call) ? value.call(@controller) : value
+        config_val = if value.respond_to?(:call)
+          warn "[DEPRECATION] secure_headers 3.x will not support procs as config values."
+          value.call(@controller)
+        else
+          value
+        end
+
         if ALL_DIRECTIVES.include?(key.to_sym) # directives need to be normalized to arrays of strings
           if config_val.is_a? String
             warn "[DEPRECATION] A String was supplied for directive #{key}. secure_headers 3.x will require all directives to be arrays of strings."
