Remove dedup_source_list and replace with a "best-effort" .uniq call.

lgarron · lgarron · commit cdb40e5b851d · 2022-10-24T11:01:01.000-07:00
diff --git a/lib/secure_headers/headers/content_security_policy.rb b/lib/secure_headers/headers/content_security_policy.rb
@@ -133,7 +133,7 @@ def minify_source_list(directive, source_list)
         unless directive == REPORT_URI || @preserve_schemes
           source_list = strip_source_schemes(source_list)
         end
-        dedup_source_list(source_list)
+        source_list.uniq
       end
     end
 
@@ -151,24 +151,6 @@ def reject_all_values_if_none(source_list)
       end
     end
 
-    # Removes duplicates and sources that already match an existing wild card.
-    #
-    # e.g. *.github.com asdf.github.com becomes *.github.com
-    def dedup_source_list(sources)
-      sources = sources.uniq
-      wild_sources = sources.select { |source| source =~ STAR_REGEXP }
-
-      if wild_sources.any?
-        schemes = sources.map { |source| [source, URI(source).scheme] }.to_h
-        sources.reject do |source|
-          !wild_sources.include?(source) &&
-            wild_sources.any? { |pattern| schemes[pattern] == schemes[source] && File.fnmatch(pattern, source) }
-        end
-      else
-        sources
-      end
-    end
-
     # Private: append a nonce to the script/style directories if script_nonce
     # or style_nonce are provided.
     def populate_nonces(directive, source_list)
