bug #22090 [WebProfilerBundle] Fix Content-Security-Policy compatibility in case of a style-src 'self'
policy (romainneutron)
This PR was merged into the 3.2 branch.
Discussion
----------
[WebProfilerBundle] Fix Content-Security-Policy compatibility in case of a `style-src 'self'` policy
| Q | A
| ------------- | ---
| Branch? | 3.2 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #22053 #20963
| License | MIT
This fixes the compatibility of the bundle in case of a `style-src 'self'` policy.
This PR must be rebased once #22089 is merged
Commits
-------
4acec8973f
[WebProfilerBundle] Fix content-security-policy compatibility
This commit is contained in:
commit
74a1cc34eb
@ -4,9 +4,6 @@
|
||||
{{ include('@WebProfiler/Icon/symfony.svg') }}
|
||||
</a>
|
||||
</div>
|
||||
<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
|
||||
{{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
|
||||
</style>
|
||||
<div id="sfToolbarClearer-{{ token }}" class="sf-toolbar-clearer"></div>
|
||||
|
||||
<div id="sfToolbarMainContent-{{ token }}" class="sf-toolbarreset clear-fix" data-no-turbolink>
|
||||
|
@ -1,5 +1,8 @@
|
||||
<div id="sfwdt{{ token }}" class="sf-toolbar sf-display-none"></div>
|
||||
{{ include('@WebProfiler/Profiler/base_js.html.twig') }}
|
||||
<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
|
||||
{{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
|
||||
</style>
|
||||
<script{% if csp_script_nonce %} nonce={{ csp_script_nonce }}{% endif %}>/*<![CDATA[*/
|
||||
(function () {
|
||||
{% if 'top' == position %}
|
||||
|
@ -157,9 +157,9 @@ class ProfilerControllerTest extends TestCase
|
||||
if ($withCSP) {
|
||||
$nonceGenerator = $this->getMockBuilder('Symfony\Bundle\WebProfilerBundle\Csp\NonceGenerator')->getMock();
|
||||
|
||||
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal', new ContentSecurityPolicyHandler($nonceGenerator));
|
||||
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'bottom', new ContentSecurityPolicyHandler($nonceGenerator));
|
||||
}
|
||||
|
||||
return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal');
|
||||
return new ProfilerController($urlGenerator, $profiler, $twig, array());
|
||||
}
|
||||
}
|
||||
|
Reference in New Issue
Block a user