refactor csp

app/controllers/application_controller.rb

@@ -127,8 +127,6 @@ class ApplicationController < ActionController::Base
   end
 
   def set_csp
-    request.content_security_policy_report_only = Rails.env.production?
-
     request.content_security_policy = current_content_security_policy.tap do |policy|
       policy.default_src :self
       policy.script_src :self
@@ -140,7 +138,6 @@ class ApplicationController < ActionController::Base
       policy.frame_src :self
       policy.worker_src :self, :blob
       policy.connect_src :self
-      policy.report_uri '/csp'
 
       policy.directives['connect-src'] << 'ws:' if Rails.env.development?
     end

app/controllers/csp_controller.rb

@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-class CspController < ActionController::API
-  FILTER_REPORT_REGEXP = /extension|sandbox/i
-
-  SANITIZE_REGEXP = %r{(/[sdep]/)(\w{5})[^/"]+}
-
-  def create
-    data = request.raw_post.gsub(SANITIZE_REGEXP, '\1\2')
-
-    Rails.logger.warn(data) if Rails.env.development?
-
-    Rollbar.warning('CSP', data:) if defined?(Rollbar) && !data.match?(FILTER_REPORT_REGEXP)
-  end
-end

config/routes.rb

@@ -202,8 +202,6 @@ Rails.application.routes.draw do
     end
   end
 
-  resources :csp
-
   get '/js/:filename', to: 'embed_scripts#show', as: :embed_script
 
   ActiveSupport.run_load_hooks(:routes, self)