# File lib/rack/protection/content_security_policy.rb, line 72 def call(env) status, headers, body = @app.call(env) header = options[:report_only] ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy' headers[header] ||= csp_policy if html? headers [status, headers, body] end