From b77538c2fe168941060965898826cf327f1f23e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?=
 <gabriel.ostrolucky@everlution.sk>
Date: Fri, 26 Jan 2018 02:31:46 +0100
Subject: [PATCH] Disable CSP header on exception pages only in debug

Same condition is used by default TwigBridge ExceptionController
to evaluate if styled exception page is supposed to be shown.
---
 src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml     | 1 +
 .../HttpKernel/EventListener/ExceptionListener.php          | 6 ++++--
 .../Tests/EventListener/ExceptionListenerTest.php           | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml b/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
index 0e5f6ec9a4..c0a15e5152 100644
--- a/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
+++ b/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
@@ -129,6 +129,7 @@
             <tag name="monolog.logger" channel="request" />
             <argument>%twig.exception_listener.controller%</argument>
             <argument type="service" id="logger" on-invalid="null" />
+            <argument>%kernel.debug%</argument>
         </service>
 
         <service id="twig.controller.exception" class="%twig.controller.exception.class%">
diff --git a/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php b/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
index b42418e7a2..32d0a130ff 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
@@ -32,11 +32,13 @@ class ExceptionListener implements EventSubscriberInterface
 {
     protected $controller;
     protected $logger;
+    protected $debug;
 
-    public function __construct($controller, LoggerInterface $logger = null)
+    public function __construct($controller, LoggerInterface $logger = null, $debug = false)
     {
         $this->controller = $controller;
         $this->logger = $logger;
+        $this->debug = $debug;
     }
 
     public function onKernelException(GetResponseForExceptionEvent $event)
@@ -71,7 +73,7 @@ class ExceptionListener implements EventSubscriberInterface
 
         $event->setResponse($response);
 
-        if ($eventDispatcher instanceof EventDispatcherInterface) {
+        if ($this->debug && $eventDispatcher instanceof EventDispatcherInterface) {
             $cspRemovalListener = function (FilterResponseEvent $event) use (&$cspRemovalListener, $eventDispatcher) {
                 $event->getResponse()->headers->remove('Content-Security-Policy');
                 $eventDispatcher->removeListener(KernelEvents::RESPONSE, $cspRemovalListener);
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php
index db34f9187b..3cb0b298bb 100644
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php
@@ -134,7 +134,7 @@ class ExceptionListenerTest extends TestCase
             return new Response($request->getRequestFormat());
         }));
 
-        $listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock());
+        $listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock(), true);
 
         $dispatcher->addSubscriber($listener);