[WebProfilerBundle] Fix CORS ajax security issues
This commit is contained in:
parent
66da91d030
commit
f8dd87d7cc
@ -80,6 +80,20 @@
|
||||
|
||||
requestStack = [],
|
||||
|
||||
extractHeaders = function(xhr, stackElement) {
|
||||
// Here we avoid to call xhr.getResponseHeader in order to
|
||||
// prevent polluting the console with CORS security errors
|
||||
var allHeaders = xhr.getAllResponseHeaders();
|
||||
var ret;
|
||||
|
||||
if (ret = allHeaders.match(/^x-debug-token:\s+(.*)$/im)) {
|
||||
stackElement.profile = ret[1];
|
||||
}
|
||||
if (ret = allHeaders.match(/^x-debug-token-link:\s+(.*)$/im)) {
|
||||
stackElement.profilerUrl = ret[1];
|
||||
}
|
||||
},
|
||||
|
||||
renderAjaxRequests = function() {
|
||||
var requestCounter = document.querySelectorAll('.sf-toolbar-ajax-requests');
|
||||
if (!requestCounter.length) {
|
||||
@ -239,8 +253,8 @@
|
||||
stackElement.duration = new Date() - stackElement.start;
|
||||
stackElement.loading = false;
|
||||
stackElement.error = self.status < 200 || self.status >= 400;
|
||||
stackElement.profile = self.getResponseHeader("X-Debug-Token");
|
||||
stackElement.profilerUrl = self.getResponseHeader("X-Debug-Token-Link");
|
||||
|
||||
extractHeaders(self, stackElement);
|
||||
|
||||
Sfjs.renderAjaxRequests();
|
||||
}
|
||||
|
Reference in New Issue
Block a user