Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit f33a383

Browse filesBrowse files
ostroluckyostrolucky
committed
[HttpKernel] Disable CSP header on exception pages
1 parent 62c11e5 commit f33a383
Copy full SHA for f33a383

File tree

2 files changed

+40
-0
lines changed
Filter options

2 files changed

+40
-0
lines changed

‎src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
+11Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,9 @@
1313

1414
use Psr\Log\LoggerInterface;
1515
use Symfony\Component\Debug\Exception\FlattenException;
16+
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
1617
use Symfony\Component\HttpFoundation\Request;
18+
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1719
use Symfony\Component\HttpKernel\Log\DebugLoggerInterface;
1820
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
1921
use Symfony\Component\HttpKernel\KernelEvents;
@@ -41,6 +43,7 @@ public function onKernelException(GetResponseForExceptionEvent $event)
4143
{
4244
$exception = $event->getException();
4345
$request = $event->getRequest();
46+
$eventDispatcher = func_num_args() > 2 ? func_get_arg(2) : null;
4447

4548
$this->logException($exception, sprintf('Uncaught PHP Exception %s: "%s" at %s line %s', get_class($exception), $exception->getMessage(), $exception->getFile(), $exception->getLine()));
4649

@@ -67,6 +70,14 @@ public function onKernelException(GetResponseForExceptionEvent $event)
6770
}
6871

6972
$event->setResponse($response);
73+
74+
if ($eventDispatcher instanceof EventDispatcherInterface) {
75+
$cspRemovalListener = function (FilterResponseEvent $event) use (&$cspRemovalListener, $eventDispatcher) {
76+
$event->getResponse()->headers->remove('Content-Security-Policy');
77+
$eventDispatcher->removeListener(KernelEvents::RESPONSE, $cspRemovalListener);
78+
};
79+
$eventDispatcher->addListener(KernelEvents::RESPONSE, $cspRemovalListener, -128);
80+
}
7081
}
7182

7283
public static function getSubscribedEvents()

‎src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php
+29Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,11 @@
1212
namespace Symfony\Component\HttpKernel\Tests\EventListener;
1313

1414
use PHPUnit\Framework\TestCase;
15+
use Symfony\Component\EventDispatcher\EventDispatcher;
16+
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
1517
use Symfony\Component\HttpKernel\HttpKernelInterface;
1618
use Symfony\Component\HttpKernel\EventListener\ExceptionListener;
19+
use Symfony\Component\HttpKernel\KernelEvents;
1720
use Symfony\Component\HttpKernel\Log\DebugLoggerInterface;
1821
use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
1922
use Symfony\Component\HttpFoundation\Request;
@@ -122,6 +125,32 @@ public function testSubRequestFormat()
122125
$response = $event->getResponse();
123126
$this->assertEquals('xml', $response->getContent());
124127
}
128+
129+
public function testCSPHeaderIsRemoved()
130+
{
131+
$dispatcher = new EventDispatcher();
132+
$kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
133+
$kernel->expects($this->once())->method('handle')->will($this->returnCallback(function (Request $request) {
134+
return new Response($request->getRequestFormat());
135+
}));
136+
137+
$listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock());
138+
139+
$dispatcher->addSubscriber($listener);
140+
141+
$request = Request::create('/');
142+
$event = new GetResponseForExceptionEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, new \Exception('foo'));
143+
$dispatcher->dispatch(KernelEvents::EXCEPTION, $event);
144+
145+
$response = new Response('', 200, array('content-security-policy' => "style-src 'self'"));
146+
$this->assertTrue($response->headers->has('content-security-policy'));
147+
148+
$event = new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response);
149+
$dispatcher->dispatch(KernelEvents::RESPONSE, $event);
150+
151+
$this->assertFalse($response->headers->has('content-security-policy'), 'CSP header has been removed');
152+
$this->assertFalse($dispatcher->hasListeners(KernelEvents::RESPONSE), 'CSP removal listener has been removed');
153+
}
125154
}
126155

127156
class TestLogger extends Logger implements DebugLoggerInterface

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.