genuineparts/alltube
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Debug bar

Browse source
This commit is contained in:
Pierre Rudloff 2021-02-06 15:00:26 +01:00
parent 58f79c5012
commit 5c0ed594f3
9 changed files with 149 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

10
classes/Middleware/CspMiddleware.php
View file

@ -37,7 +37,8 @@ class CspMiddleware
public function applyHeader(Response $response): MessageInterface
{
$csp = new CSPBuilder();
$csp->addDirective('default-src', [])
$csp->disableOldBrowserSupport()
->addDirective('default-src', [])
->addDirective('font-src', ['self' => true])
->addDirective('style-src', ['self' => true])
->addDirective('manifest-src', ['self' => true])
@ -47,9 +48,10 @@ class CspMiddleware
->addSource('img-src', '*');
if ($this->config->debug) {
// So symfony/debug and symfony/error-handler can work.
$csp->setDirective('script-src', ['unsafe-inline' => true])
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
->addSource('img-src', 'data:');
}
return $csp->injectCSPHeader($response);