FEATURE: Turn csp on by default (#8665)

* turn csp on by default

* remove csp migration for new sites now that is is on by default

* Ensure CSP is off before starting qunit

config/site_settings.yml

@@ -1396,7 +1396,7 @@ security:
     list_type: compact
   slow_down_crawler_rate: 60
   content_security_policy:
-    default: false
+    default: true
   content_security_policy_report_only:
     default: false
   content_security_policy_collect_reports:

db/migrate/20190110142917_enable_content_security_policy_for_new_sites.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-class EnableContentSecurityPolicyForNewSites < ActiveRecord::Migration[5.2]
-  def up
-    return if Rails.env.test?
-    return if row_exists?
-
-    if instance_is_new?
-      execute "INSERT INTO site_settings(name, data_type, value, created_at, updated_at)
-               VALUES ('content_security_policy', 5, 't', now(), now())"
-    end
-  end
-
-  def down
-    # Don't undo, up method only enables CSP if row isn't already there and if instance is new
-  end
-
-  def row_exists?
-    DB.query("SELECT 1 AS one FROM site_settings where name='content_security_policy'").present?
-  end
-
-  def instance_is_new?
-    dates = DB.query_single("SELECT created_at FROM posts ORDER BY created_at ASC LIMIT 1")
-    dates.empty? || dates.first > 1.week.ago
-  end
-
-end

lib/tasks/qunit.rake

@@ -7,6 +7,9 @@ task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
   require "socket"
   require 'rbconfig'
 
+  puts "Turning off CSP to allow qunit to run"
+  SiteSetting.content_security_policy = false
+
   if RbConfig::CONFIG['host_os'][/darwin|mac os/]
     google_chrome_cli = "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome"
   else
@@ -88,8 +91,6 @@ task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
       exit 1
     end
     puts "Rails server is warmed up"
-    puts "Turning off CSP to allow qunit to run"
-    SiteSetting.content_security_policy = false
 
     sh(cmd)