symfony
diff --git a/‎src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php‎
Lines changed: 11 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php‎
Lines changed: 29 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php‎
Lines changed: 29 additions & 0 deletions
@@ -13,7 +13,9 @@
 
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Debug\Exception\FlattenException;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\Log\DebugLoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
@@ -41,6 +43,7 @@ public function onKernelException(GetResponseForExceptionEvent $event)
     {
         $exception = $event->getException();
         $request = $event->getRequest();
+        $eventDispatcher = func_num_args() > 2 ? func_get_arg(2) : null;
 
         $this->logException($exception, sprintf('Uncaught PHP Exception %s: "%s" at %s line %s', get_class($exception), $exception->getMessage(), $exception->getFile(), $exception->getLine()));
 
@@ -67,6 +70,14 @@ public function onKernelException(GetResponseForExceptionEvent $event)
         }
 
         $event->setResponse($response);
+
+        if ($eventDispatcher instanceof EventDispatcherInterface) {
             $cspRemovalListener = function (FilterResponseEvent $event) use (&$cspRemovalListener, $eventDispatcher) {
+                $event->getResponse()->headers->remove('Content-Security-Policy');
+                $eventDispatcher->removeListener(KernelEvents::RESPONSE, $cspRemovalListener);
+            };
+            $eventDispatcher->addListener(KernelEvents::RESPONSE, $cspRemovalListener, -128);
+        }
     }
 
     public static function getSubscribedEvents()
 
@@ -12,8 +12,11 @@
 namespace Symfony\Component\HttpKernel\Tests\EventListener;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 use Symfony\Component\HttpKernel\EventListener\ExceptionListener;
 use Symfony\Component\HttpKernel\Log\DebugLoggerInterface;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
 use Symfony\Component\HttpFoundation\Request;
@@ -122,6 +125,32 @@ public function testSubRequestFormat()
         $response = $event->getResponse();
         $this->assertEquals('xml', $response->getContent());
     }
+
+    public function testCSPHeaderIsRemoved()
+    {
+        $dispatcher = new EventDispatcher();
+        $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
+        $kernel->expects($this->once())->method('handle')->will($this->returnCallback(function (Request $request) {
+            return new Response($request->getRequestFormat());
+        }));
+
+        $listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock());
+
+        $dispatcher->addSubscriber($listener);
+
+        $request = Request::create('/');
+        $event = new GetResponseForExceptionEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, new \Exception('foo'));
+        $dispatcher->dispatch(KernelEvents::EXCEPTION, $event);
+
+        $response = new Response('', 200, array('content-security-policy' => "style-src 'self'"));
+        $this->assertTrue($response->headers->has('content-security-policy'));
+
+        $event = new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
+        $dispatcher->dispatch(KernelEvents::RESPONSE, $event);
+
+        $this->assertFalse($response->headers->has('content-security-policy'), 'CSP header has been removed');
+        $this->assertFalse($dispatcher->hasListeners(KernelEvents::RESPONSE), 'CSP removal listener has been removed');
+    }
 }
 
 class TestLogger extends Logger implements DebugLoggerInterface