
Send CSP rules as single response header

Open lcmen opened this issue 3 years ago • 0 comments

When I launch the Hanami 2 template, it complains about CSP rules and doesn't load style and script files. I've found that the "\n" separator used for converting the CSP configuration to a header line sends each rule as a separate header (the response contains multiple Content-Security-Policy headers).

After some research, I've found that when multiple headers are used, the most strict one (in this case default-src 'none';) takes precedence (https://chrisguitarguy.com/2019/07/05/working-with-multiple-content-security-policy-headers/). After playing with the code, it seems that changing the separator "\n" to "; " sends all these rules as a single header and they work correctly (setting a specific rule like style-src, script-src, etc. overrides default-src).

lcmen avatar Mar 26 '22 22:03 lcmen
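As an added illustration (not code from Hanami or from the issue author), here is a small Ruby model of the two serialisations discussed above and of how a browser applies one merged policy versus several separate Content-Security-Policy headers. The page origin, the directive set and the source-matching rules are constructed and deliberately simplified (only `'none'`, `*`, `'self'`, host sources and scheme sources are handled); the point it shows is that with separate headers every policy is enforced independently, so the `default-src 'none'` header alone blocks what the other headers would allow.

```ruby
# Added example, not Hanami's code. Models CSP directive serialisation and
# the "all policies must allow it" rule a browser applies to multiple headers.

PAGE_ORIGIN = "https://app.example.test" # constructed sample origin

# CSP directives as a framework's configuration might hold them (constructed).
CSP_CONFIG = {
  "default-src" => ["'none'"],
  "script-src"  => ["'self'"],
  "style-src"   => ["'self'", "https://fonts.example.test"],
  "img-src"     => ["'self'", "data:"],
}.freeze

# Each directive rendered as "name source source ...".
def directive_lines(config)
  config.map { |name, sources| "#{name} #{sources.join(' ')}" }
end

# Correct serialisation: one header value, directives separated by "; ".
def single_header(config)
  directive_lines(config).join("; ")
end

# What a "\n" separator effectively produces: one header per directive.
def separate_headers(config)
  directive_lines(config)
end

# Parse one header value into { "directive" => ["source", ...] }.
def parse_policy(value)
  value.split(";").each_with_object({}) do |part, acc|
    name, *sources = part.strip.split(/\s+/)
    acc[name] = sources if name
  end
end

# Does a single policy allow fetching +url+ under +directive+ (e.g. "style-src")?
# An absent fetch directive falls back to default-src, as CSP specifies.
def policy_allows?(policy, directive, url)
  sources = policy[directive] || policy["default-src"]
  return true if sources.nil? # no governing directive: unrestricted
  sources.any? do |src|
    case src
    when "'none'" then false
    when "*"      then true
    when "'self'" then url.start_with?("#{PAGE_ORIGIN}/")
    else url.start_with?(src) # host source ("https://cdn...") or scheme ("data:")
    end
  end
end

# With several Content-Security-Policy headers, each policy is enforced
# independently: a load must be allowed by every one of them.
def allowed?(headers, directive, url)
  headers.all? { |h| policy_allows?(parse_policy(h), directive, url) }
end

if __FILE__ == $PROGRAM_NAME
  css = "#{PAGE_ORIGIN}/app.css"
  puts "single header : #{single_header(CSP_CONFIG)}"
  puts "style allowed (single header)    : #{allowed?([single_header(CSP_CONFIG)], 'style-src', css)}"
  puts "style allowed (separate headers) : #{allowed?(separate_headers(CSP_CONFIG), 'style-src', css)}"
end
```

Running the script prints `true` for the merged header and `false` for the separate headers: the `style-src 'self'` header permits the stylesheet, but the stand-alone `default-src 'none'` header denies it, and the browser requires both to agree.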