From b77538c2fe168941060965898826cf327f1f23e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Fri, 26 Jan 2018 02:31:46 +0100 Subject: [PATCH] Disable CSP header on exception pages only in debug Same condition is used by default TwigBridge ExceptionController to evaluate if styled exception page is supposed to be shown. --- src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml | 1 + .../HttpKernel/EventListener/ExceptionListener.php | 6 ++++-- .../Tests/EventListener/ExceptionListenerTest.php | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml b/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml index 0e5f6ec9a4a37..c0a15e5152ce2 100644 --- a/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml +++ b/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml @@ -129,6 +129,7 @@ %twig.exception_listener.controller% + %kernel.debug% diff --git a/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php b/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php index b42418e7a2940..32d0a130ffd0a 100644 --- a/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php +++ b/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php @@ -32,11 +32,13 @@ class ExceptionListener implements EventSubscriberInterface { protected $controller; protected $logger; + protected $debug; - public function __construct($controller, LoggerInterface $logger = null) + public function __construct($controller, LoggerInterface $logger = null, $debug = false) { $this->controller = $controller; $this->logger = $logger; + $this->debug = $debug; } public function onKernelException(GetResponseForExceptionEvent $event) @@ -71,7 +73,7 @@ public function onKernelException(GetResponseForExceptionEvent $event) $event->setResponse($response); - if ($eventDispatcher instanceof EventDispatcherInterface) { + if ($this->debug && $eventDispatcher instanceof EventDispatcherInterface) { $cspRemovalListener = function (FilterResponseEvent $event) use (&$cspRemovalListener, $eventDispatcher) { $event->getResponse()->headers->remove('Content-Security-Policy'); $eventDispatcher->removeListener(KernelEvents::RESPONSE, $cspRemovalListener); diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php index db34f9187bd1f..3cb0b298bb07a 100644 --- a/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/ExceptionListenerTest.php @@ -134,7 +134,7 @@ public function testCSPHeaderIsRemoved() return new Response($request->getRequestFormat()); })); - $listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock()); + $listener = new ExceptionListener('foo', $this->getMockBuilder('Psr\Log\LoggerInterface')->getMock(), true); $dispatcher->addSubscriber($listener); pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy