Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler

If a `style-src-elem` or `script-src-elem` Content Security Policy exists, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
ampaze 2020-04-02 13:53:10 +02:00 committed by GitHub
parent 5da141b8d0
commit 7f33f1fa3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -128,7 +128,7 @@ class ContentSecurityPolicyHandler
$headers = $this->getCspHeaders($response);
foreach ($headers as $header => $directives) {
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
if ($this->authorizesInline($directives, $type)) {
continue;
}
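
Review bot: On the changed `foreach` line, `script-src-elem` and `style-src-elem` are now processed for every response, including policies that never set them, so the code after the `authorizesInline()` check (outside this hunk) should skip a `-elem` directive that is absent rather than create it. A newly created `script-src-elem` or `style-src-elem` takes precedence over `script-src` or `style-src` for `<script>` and `<style>` elements, which would change the application's policy instead of only adding the profiler nonce. A test with a policy that sets only `script-src` and `style-src`, plus one that sets the `-elem` directives, would pin this behaviour down. The four-entry map would also read better split across lines or held in a class constant.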