Closed
Description
| Q | A |
|---|---|
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |
| Symfony version | 3.2.0 |
Unless I'm missing something #18568 doesn't fully fix the compatibility of the toolbar with content security policy, JS works fine but the toolbar CSS is blocked.
The reason is the CSS is injected from an XHR request and so has a different nonce than the one set in the CSP header.
A solution that works is to move the CSS into the toolbar_js.html.twig view.
I've prepared a branch with a few test actions to illustrate the problem: