Commit 65e6faa

committed
bug #44570 [WebProfilerBundle] add nonces to profiler (garak)
This PR was merged into the 4.4 branch. Discussion ---------- [WebProfilerBundle] add nonces to profiler | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #44472 | License | MIT | Doc PR | none Commits ------- cbd670f add nonces to profiler
2 parents 989175a + cbd670f commit 65e6faa

3 files changed

+11
-9
lines changed
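--- a/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
@@ -88,7 +88,7 @@ public function panelAction(Request $request, $token)
 }
 
 if (!$profile = $this->profiler->loadProfile($token)) {
-return new Response($this->twig->render('@WebProfiler/Profiler/info.html.twig', ['about' => 'no_token', 'token' => $token, 'request' => $request]), 200, ['Content-Type' => 'text/html']);
+return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/info.html.twig', ['about' => 'no_token', 'token' => $token, 'request' => $request]);
 }
 
 if (null === $panel) {
@@ -111,7 +111,7 @@ public function panelAction(Request $request, $token)
 throw new NotFoundHttpException(sprintf('Panel "%s" is not available for token "%s".', $panel, $token));
 }
 
-return new Response($this->twig->render($this->getTemplateManager()->getName($profile, $panel), [
+return $this->renderWithCspNonces($request, $this->getTemplateManager()->getName($profile, $panel), [
 'token' => $token,
 'profile' => $profile,
 'collector' => $profile->getCollector($panel),
@@ -121,7 +121,7 @@ public function panelAction(Request $request, $token)
 'templates' => $this->getTemplateManager()->getNames($profile),
 'is_ajax' => $request->isXmlHttpRequest(),
 'profiler_markup_version' => 2, // 1 = original profiler, 2 = Symfony 2.8+ profiler
-]), 200, ['Content-Type' => 'text/html']);
+]);
 }
 
 /**
@@ -252,7 +252,7 @@ public function searchResultsAction(Request $request, $token)
 $end = $request->query->get('end', null);
 $limit = $request->query->get('limit');
 
-return new Response($this->twig->render('@WebProfiler/Profiler/results.html.twig', [
+return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/results.html.twig', [
 'request' => $request,
 'token' => $token,
 'profile' => $profile,
@@ -265,7 +265,7 @@ public function searchResultsAction(Request $request, $token)
 'end' => $end,
 'limit' => $limit,
 'panel' => null,
-]), 200, ['Content-Type' => 'text/html']);
+]);
 }
 
 /**
@@ -367,11 +367,11 @@ public function openAction(Request $request)
 throw new NotFoundHttpException(sprintf('The file "%s" cannot be opened.', $file));
 }
 
-return new Response($this->twig->render('@WebProfiler/Profiler/open.html.twig', [
+return $this->renderWithCspNonces($request, '@WebProfiler/Profiler/open.html.twig', [
 'filename' => $filename,
 'file' => $file,
 'line' => $line,
-]), 200, ['Content-Type' => 'text/html']);
+]);
 }
 
 /**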
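Review bot: Every rewritten return in panelAction, searchResultsAction and openAction now depends on `renderWithCspNonces()` to supply the 200 status and the `Content-Type: text/html` header that the removed lines set explicitly; that helper is defined outside these hunks, so the equivalence cannot be confirmed from this diff and is worth a quick check of its defaults. The nonces only help if the rendered templates actually emit them on their inline `<script>`/`<style>` tags, so any profiler template outside base.html.twig that still carries a bare inline block will presumably remain blocked under a nonce-based CSP unless it gets the same treatment. The enclosing methods start and end outside the hunks.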

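--- a/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/base.html.twig
+++ b/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/base.html.twig
@@ -8,13 +8,13 @@
 <link rel="icon" type="image/x-icon" sizes="16x16" href="data:image/png;base64,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">
 
 {% block head %}
-<style>
+<style{% if csp_style_nonce is defined and csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}">
 {{ include('@WebProfiler/Profiler/profiler.css.twig') }}
 </style>
 {% endblock %}
 </head>
 <body>
-<script>
+<script{% if csp_script_nonce is defined and csp_script_nonce %} nonce="{{ csp_script_nonce }}"{% endif %}">
 document.body.classList.add(
 localStorage.getItem('symfony/profiler/theme') || (matchMedia('(prefers-color-scheme: dark)').matches ? 'theme-dark' : 'theme-light'),
 localStorage.getItem('symfony/profiler/width') || 'width-normal'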
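Review bot: Both added tags end with a stray double quote after `{% endif %}`, so the markup renders as `<style nonce="…"">` when a nonce is set and `<style">` when it is not, which is an HTML parse error that browsers recover from by inventing an attribute named `"`. The closing quote belongs inside the `{% if %}` block, which it already is, so the fix is to drop the extra one on both lines: `<style{% if csp_style_nonce is defined and csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>` and `<script{% if csp_script_nonce is defined and csp_script_nonce %} nonce="{{ csp_script_nonce }}"{% endif %}>`. A test that asserts the rendered body contains `nonce="dummy_nonce">` with the closing angle bracket would have caught this.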

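--- a/src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
@@ -285,6 +285,8 @@ public function testSearchResultsAction($withCsp)
 'limit' => 2,
 'panel' => null,
 'request' => $request,
+'csp_script_nonce' => $withCsp ? 'dummy_nonce' : null,
+'csp_style_nonce' => $withCsp ? 'dummy_nonce' : null,
 ]));
 
 $response = $controller->searchResultsAction($request, 'empty');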
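Review bot: The added expectations only pin the parameter array handed to `twig->render()` for searchResultsAction; nothing in this change asserts that the other rewritten entry points, panelAction and openAction, pass the nonces, nor that the rendered markup carries `nonce="dummy_nonce"` when `$withCsp` is true. Adding the same two expected keys to the panel and open tests, plus a response-body assertion such as `$this->assertStringContainsString('nonce="dummy_nonce">', $response->getContent());` in a test that uses the real template, would cover both the controller wiring and the template. The enclosing test method starts and ends outside the hunk.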
