From 7f33f1fa3a0c0fab863b4e6b67e2de9a68384cf8 Mon Sep 17 00:00:00 2001
From: ampaze
Date: Thu, 2 Apr 2020 13:53:10 +0200
Subject: [PATCH] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler

If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
---
 .../WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php b/src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php
index a38e7c686fd0a..e62895fe6d2b2 100644
--- a/src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Csp/ContentSecurityPolicyHandler.php
@@ -128,7 +128,7 @@ private function updateCspHeaders(Response $response, array $nonces = [])
 $headers = $this->getCspHeaders($response);
 foreach ($headers as $header => $directives) {
- foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
+ foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
 if ($this->authorizesInline($directives, $type)) {
 continue;
 }
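Review bot: The two `-elem` keys added to the inner `foreach` are handled exactly like `script-src` and `style-src`, but in CSP Level 3 `script-src-elem` falls back to `script-src` (and `style-src-elem` to `style-src`) before `default-src`. The rest of the loop body lies outside this hunk; if it fills in a missing directive from `default-src`, a response sending `default-src *; script-src 'self'` would gain a synthesized `script-src-elem` that overrides the stricter `script-src` for script elements. Touching the `-elem` directives only when the response already sets them would avoid that, e.g. `if (!isset($directives[$type]) && \in_array($type, ['script-src-elem', 'style-src-elem'], true)) { continue; }` at the top of the inner loop, assuming `$directives` is keyed by directive name. The diffstat shows only this file changed, so a test covering policies with and without the `-elem` directives would be worth adding.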