From efd71f8bfe61456da9f656767685bd390713e4c5 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 29 Sep 2017 04:53:09 -0700
Subject: [PATCH] For #3998 - Disable CSP if debug=true

To avoid all the nonce hell from debugbar
---
 app/Http/Middleware/ContentSecurityPolicyHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Middleware/ContentSecurityPolicyHeader.php b/app/Http/Middleware/ContentSecurityPolicyHeader.php
index a85c430e6..dd0d39cf3 100644
--- a/app/Http/Middleware/ContentSecurityPolicyHeader.php
+++ b/app/Http/Middleware/ContentSecurityPolicyHeader.php
@@ -14,7 +14,7 @@ class ContentSecurityPolicyHeader
      */
     public function handle($request, Closure $next)
     {
-        if (config('app.disable_csp')=='true') {
+        if ((config('app.debug')=='true')  || (config('app.disable_csp')=='true')) {
             $response = $next($request);
             return $response;
         }