[TASK] Revert "[TASK] Allow to disable CSP headers for a particular s…

…ite"

Aims to combine disabling site-specific CSP with report-only mode later.

This reverts commit acf7030.

Reverts: #104549
Resolves: #104633
Releases: main, 12.4
Change-Id: I651f60d7b5cc24133801412c8f09b1efba98d3f4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/85646
Reviewed-by: Garvin Hicking <gh@faktor-e.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Garvin Hicking <gh@faktor-e.de>

typo3/sysext/frontend/Classes/Middleware/ContentSecurityPolicyHeaders.php

@@ -48,17 +48,15 @@ public function __construct(
 
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
-        $site = $request->getAttribute('site');
         // return early in case CSP shall not be used
-        if (!$this->features->isFeatureEnabled('security.frontend.enforceContentSecurityPolicy')
-            || ($site !== null && !($site->getConfiguration()['contentSecurityPolicies']['enable'] ?? true))
-        ) {
+        if (!$this->features->isFeatureEnabled('security.frontend.enforceContentSecurityPolicy')) {
             return $handler->handle($request);
         }
         // make sure, the nonce value is set before processing the remaining middlewares
         $request = $request->withAttribute('nonce', $this->requestId->nonce);
         $response = $handler->handle($request);
 
+        $site = $request->getAttribute('site');
         $scope = Scope::frontendSite($site);
         if ($response->hasHeader('Content-Security-Policy') || $response->hasHeader('Content-Security-Policy-Report-Only')) {
             $this->logger->info('Content-Security-Policy not enforced due to existence of custom header', [