8000 bug #36315 [WebProfilerBundle] Support for Content Security Policy st… · symfony/symfony@004f1f3 · GitHub
[go: up one dir, main page]
Skip to content

Commit 004f1f3

Browse files
fabpotfabpot
committed
bug #36315 [WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler (ampaze)
This PR was merged into the 3.4 branch. Discussion ---------- [WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | License | MIT If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing. Commits ------- 7f33f1f Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
2 parents 21a6ab0 + 7f33f1f commit 004f1f3

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ private function updateCspHeaders(Response $response, array $nonces = [])
128128
$headers = $this->getCspHeaders($response);
129129

130130
foreach ($headers as $header => $directives) {
131-
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
131+
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
132132
if ($this->authorizesInline($directives, $type)) {
133133
continue;
134134
}

0 commit comments

Comments
 (0)
0