Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

unsafe-eval required in content security policy for profiling toolbar in Symfony 4.1 #27583

New issue
Copy link
New issue
Copy link
Closed
Closed
unsafe-eval required in content security policy for profiling toolbar in Symfony 4.1#27583
Copy link
Labels
BugStatus: Needs ReviewWebProfilerBundle
@rpkamp

Description

@rpkamp
rpkamp
opened on Jun 12, 2018
Issue body actions

Symfony version(s) affected: 4.1.0

Description
Commit 0cd51ae added a call to Javascript's eval function, which is not allowed under a strict content security policy. We have this strict policy on development as well in production because we don't want to find out about CSP violations in production only.

How to reproduce
Open a webpage with the Symfony profiling toolbar while CSP is enabled and unsafe-eval is not allowed

Possible Solution
It would be best if eval wouldn't be needed at all, but I'm not sure if that's an option

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugStatus: Needs ReviewWebProfilerBundle

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      Morty Proxy This is a proxified and sanitized view of the page, visit original site.