8000 Support for Content Security Policy style-src-elem and script-src-ele… · symfony/symfony@7f33f1f · GitHub
[go: up one dir, main page]
Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 7f33f1f

Browse files
ampazeampaze
authored
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
1 parent 5da141b commit 7f33f1f

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,7 +128,7 @@ private function updateCspHeaders(Response $response, array $nonces = [])
128128
$headers = $this->getCspHeaders($response);
129129

130130
foreach ($headers as $header => $directives) {
131-
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
131+
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
132132
if ($this->authorizesInline($directives, $type)) {
133133
continue;
134134
}

0 commit comments

Comments
 (0)
0