diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #22090 [WebProfilerBundle] Fix Content-Security-Policy compatibility in case of a style-src 'self' policy (romainneutron)

Browse Source 
This PR was merged into the 3.2 branch.

Discussion
----------

[WebProfilerBundle] Fix Content-Security-Policy compatibility in case of a `style-src 'self'` policy

| Q             | A
| ------------- | ---
| Branch?       | 3.2 <!-- see comment below -->
| Bug fix?      | yes
| New feature?  | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks?    | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets | #22053 #20963
| License       | MIT

This fixes the compatibility of the bundle in case of a `style-src 'self'` policy.
This PR must be rebased once #22089 is merged

Commits
-------

4acec8973f [WebProfilerBundle] Fix content-security-policy compatibility
This commit is contained in:
Fabien Potencier 2017-03-21 07:14:48 -07:00
commit 74a1cc34eb
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig
View File

@ -4,9 +4,6 @@
{{ include('@WebProfiler/Icon/symfony.svg') }}
</a>
</div>
<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
{{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
</style>
<div id="sfToolbarClearer-{{ token }}" class="sf-toolbar-clearer"></div>
<div id="sfToolbarMainContent-{{ token }}" class="sf-toolbarreset clear-fix" data-no-turbolink>

3
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_js.html.twig
View File

@ -1,5 +1,8 @@
<div id="sfwdt{{ token }}" class="sf-toolbar sf-display-none"></div>
{{ include('@WebProfiler/Profiler/base_js.html.twig') }}
<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
{{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
</style>
<script{% if csp_script_nonce %} nonce={{ csp_script_nonce }}{% endif %}>/*<![CDATA[*/
(function () {
{% if 'top' == position %}

4
src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
View File

@ -157,9 +157,9 @@ class ProfilerControllerTest extends TestCase
if ($withCSP) {
$nonceGenerator = $this->getMockBuilder('Symfony\Bundle\WebProfilerBundle\Csp\NonceGenerator')->getMock();
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal', new ContentSecurityPolicyHandler($nonceGenerator));
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'bottom', new ContentSecurityPolicyHandler($nonceGenerator));
}
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal');
return new ProfilerController($urlGenerator, $profiler, $twig, array());
}
}