[WebProfilerBundle] Fix content-security-policy compatibility

romainneutron · romainneutron · commit 4acec8973f00 · 2017-03-21T11:36:15.000+01:00
This fixes the compatibility of the bundle in case of a `style-src 'self'` policy.
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig b/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig
@@ -4,9 +4,6 @@
         {{ include('@WebProfiler/Icon/symfony.svg') }}
     </a>
 </div>
-<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
-    {{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
-</style>
 <div id="sfToolbarClearer-{{ token }}" class="sf-toolbar-clearer"></div>
 
 <div id="sfToolbarMainContent-{{ token }}" class="sf-toolbarreset clear-fix" data-no-turbolink>
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_js.html.twig b/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_js.html.twig
@@ -1,5 +1,8 @@
 <div id="sfwdt{{ token }}" class="sf-toolbar sf-display-none"></div>
 {{ include('@WebProfiler/Profiler/base_js.html.twig') }}
+<style{% if csp_style_nonce %} nonce="{{ csp_style_nonce }}"{% endif %}>
+    {{ include('@WebProfiler/Profiler/toolbar.css.twig', { 'position': position, 'floatable': true }) }}
+</style>
 <script{% if csp_script_nonce %} nonce={{ csp_script_nonce }}{% endif %}>/*<![CDATA[*/
     (function () {
         {% if 'top' == position %}
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php b/src/Symfony/Bundle/WebProfilerBundle/Tests/Controller/ProfilerControllerTest.php
@@ -157,9 +157,9 @@ private function createController($profiler, $twig, $withCSP)
         if ($withCSP) {
             $nonceGenerator = $this->getMockBuilder('Symfony\Bundle\WebProfilerBundle\Csp\NonceGenerator')->getMock();
 
-            return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal', new ContentSecurityPolicyHandler($nonceGenerator));
+            return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'bottom', new ContentSecurityPolicyHandler($nonceGenerator));
         }
 
-        return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal');
+        return new ProfilerController($urlGenerator, $profiler, $twig, array());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -157,9 +157,9 @@ private function createController($profiler, $twig, $withCSP)`
`157`	`157`	`if ($withCSP) {`
`158`	`158`	`$nonceGenerator = $this->getMockBuilder('Symfony\Bundle\WebProfilerBundle\Csp\NonceGenerator')->getMock();`
`159`	`159`
`160`		`- return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal', new ContentSecurityPolicyHandler($nonceGenerator));`
	`160`	`+ return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'bottom', new ContentSecurityPolicyHandler($nonceGenerator));`
`161`	`161`	`}`
`162`	`162`
`163`		`- return new ProfilerController($urlGenerator, $profiler, $twig, array(), 'normal');`
	`163`	`+ return new ProfilerController($urlGenerator, $profiler, $twig, array());`
`164`	`164`	`}`
`165`	`165`	`}`