symfony
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
Lines changed: 7 additions & 7 deletions b/‎src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
Lines changed: 7 additions & 7 deletions
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/base.html.twig
Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/base.html.twig
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
Lines changed: 2 additions & 0 deletions
@@ -88,7 +88,7 @@ public function panelAction(Request $request, $token)
         }
 
         if (!$profile = $this->profiler->loadProfile($token)) {
-            return new Response($this->twig->render('@WebProfiler/Profiler/info.html.twig', ['about' => 'no_token', 'token' => $token, 'request' => $request]), 200, ['Content-Type' => 'text/html']);
+            return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/info.html.twig', ['about' => 'no_token', 'token' => $token, 'request' => $request]);
         }
 
         if (null === $panel) {
@@ -111,7 +111,7 @@ public function panelAction(Request $request, $token)
             throw new NotFoundHttpException(sprintf('Panel "%s" is not available for token "%s".', $panel, $token));
         }
 
-        return new Response($this->twig->render($this->getTemplateManager()->getName($profile, $panel), [
+        return $this->renderWithCspNonces($request, $this->getTemplateManager()->getName($profile, $panel), [
             'token' => $token,
             'profile' => $profile,
             'collector' => $profile->getCollector($panel),
@@ -121,7 +121,7 @@ public function panelAction(Request $request, $token)
             'templates' => $this->getTemplateManager()->getNames($profile),
             'is_ajax' => $request->isXmlHttpRequest(),
             'profiler_markup_version' => 2, // 1 = original profiler, 2 = Symfony 2.8+ profiler
-        ]), 200, ['Content-Type' => 'text/html']);
+        ]);
     }
 
     /**
@@ -252,7 +252,7 @@ public function searchResultsAction(Request $request, $token)
         $end = $request->query->get('end', null);
         $limit = $request->query->get('limit');
 
-        return new Response($this->twig->render('@WebProfiler/Profiler/results.html.twig', [
+        return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/results.html.twig', [
             'request' => $request,
             'token' => $token,
             'profile' => $profile,
@@ -265,7 +265,7 @@ public function searchResultsAction(Request $request, $token)
             'end' => $end,
             'limit' => $limit,
             'panel' => null,
+        ]);
     }
 
     /**
@@ -367,11 +367,11 @@ public function openAction(Request $request)
             throw new NotFoundHttpException(sprintf('The file "%s" cannot be opened.', $file));
         }
 
-        return new Response($this->twig->render('@WebProfiler/Profiler/open.html.twig', [
+        return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/open.html.twig', [
             'filename' => $filename,
             'file' => $file,
             'line' => $line,
-         ]), 200, ['Content-Type' => 'text/html']);
+        ]);
     }
 
     /**
 
@@ -8,13 +8,13 @@
         <link rel="icon" type="image/x-icon" sizes="16x16" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAFEUlEQVR4AZVXA4wm2RMf27bXDM/+3/+sYBGfrbVtezc6BWtzfPbYXtvDL9906t6v0vWl05me7q1JzXuvvu4yXnvZgJ9hH6bwZYXLFR739vauUGuDwhq1L1N4Uv/tRYUhFjwcg49hn6aYr1V4TiGp86CoP9Oh1tV414KnM6t9fHymKUZ3DAI0hW4b1AyK3lE8phh5OxWeoJgUGhi5mLm95YzBwcHuhIQEV1JSEoWGhoKWHxYWFmenhJ/B5W0GwZpDt5Ovry9lZWWRyWOu5ORk7JsUpogsq5gnmISTU+HKQoLFQv/qq6/os88+I+EVFRUlSsRZ5oRiVmwlXMWShQkahUdERJCfnx/vd+3aRTU1NXTixAmqrq6mK1eu0PTp05mnrmD+QK6XhLO0XP2O2FJAQICRjjMU4P1PP/1EfX19NGfOHM8Z0N7ezueQkBBXYGAgSWIaQ5Em2T5QzFNSUig9PV3OHOe4uDjZ87p//34C7Nm7x/NcRUUFAX799Vec8Y7m7+8Pz92SfBDXr7VwPYRbxn/MmDG8Tps2jQBd3V30/PPPe35/6qmnaPXq1TR69Gg+h4eHiwwosdLT4dBkQDSXWmJiIq/vv/8+/fvvv3ThwgWqr6+n/Px8oyCmAerq6jy03Nxc2Yv7ySSjQzrmi4i92fVpaWlYOZ79/f2MW7dtpSlTptDp06epo6ODPvroI850ASiGdyZOnEjXrl2jyspKT4XA9cgjkaPL/D8UWG62HokieyQQoKSkRGiMs2bNotraWmprayOBNWvWyO+scGdnp5zF/WYvLEb8TwpRykp1MV7feust6uzqJMD169fpueeeY/rDDz/MKzzgdrsJoGkaffvtt/TFF19wQsIDmzZtssojt+6Fo1CgzKiAvAB3DRs2jAULtLS0eErPGB5Ad3c3lZaWUnFxMfeAd955h5+JjY3FaqXAPwhBnRCNySK4b98+Aoilv/z6i/zGggSk1g0opWupAMvGP91yt96zadWqVdTc3Ezz58/31LOAy+US6zgHBP766y+mDR8+HBUgFWSnQI2EAFnqlpcaGxsJIFkMN8L9AnPnzmX6jRs3SACeAi0vL888JwYPgTEJpauhnADo6/LSgQMHCHD37l2Cp15//XXq7eslgKb+Fi1exM9lZmbaCDclIcpQQhATE4OVsrOzuamg+cyePZuzG64Hrlu3jp9ZuWolCdy+fZueeOIJpkdHR1sLHqgM0Yh0bTRz1m7fvp2KiopYkYKCApo8ebLZIwzlFeXSOXEnsLPe2Ij+p5DbYYdOdOtDQ0rNjFya5sTcsGGDcTDZoXTcNoVBMoxWyzDS2yXmOyeUtGSskmDjx4/nRgPAfBDmMpZtUIbRcsi2GsfSD2QYyd2OcdmyZSSwdu1apuXk5GB16v4bak0yX0imyIUEgwNovFTglhMZGcm0srIy43zAVUxuTLbW4xn17Fci23wly9dngUummrTaixcvMpOtW7fiiBwQpqKYU9efHuxDJE5hC9wvL9TW1RLg+PHjPGTQ8wsLC4WpDC5Y5UR4k5qKMSLT6lqeAiX0nuAaMmSI9sMPP9CZM2foyJEj9O677wpTVIuTjidNp0HibvttoH9E5OMqbWKkSaNSlojldoLF7TEP+nUEmKI62y1kOBINbVaNarcI0PuGGUlHyfYvLHg7/jhFSFYqZh0P8KHSptd5ksOPU3tvqAEUot/hFmOIYJLp87wGe9Dwm95eg5xa/R8G6d8U5EcFhwAAAABJRU5ErkJggg==">
 
         {% block head %}
-            <style>
+            <style{% if csp_style_nonce is defined and csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}">
                 {{ include('@WebProfiler/Profiler/profiler.css.twig') }}
             </style>
         {% endblock %}
     </head>
     <body>
-        <script>
+        <script{% if csp_script_nonce is defined and csp_script_nonce %} nonce="{{ csp_script_nonce }}"{% endif %}">
             document.body.classList.add(
                 localStorage.getItem('symfony/profiler/theme') || (matchMedia('(prefers-color-scheme: dark)').matches ? 'theme-dark' : 'theme-light'),
                 localStorage.getItem('symfony/profiler/width') || 'width-normal'
 
@@ -285,6 +285,8 @@ public function testSearchResultsAction($withCsp)
                 'limit' => 2,
                 'panel' => null,
                 'request' => $request,
+                'csp_script_nonce' => $withCsp ? 'dummy_nonce' : null,
+                'csp_style_nonce' => $withCsp ? 'dummy_nonce' : null,
             ]));
 
         $response = $controller->searchResultsAction($request, 'empty');