This repository was archived by the owner on Feb 27, 2026. It is now read-only.
Expected Behavior
Nonce-based CSP (with respect to script tags) will help to reduce XSS attack surfaces on web applications built with this bundle. The amount of CSP support already built into the Symfony project is somewhat limited. Discussions remain open with regard to implementing some level of the NelmioSecurityBundle, which provides CSP for Symfony web applications.
This feature, regardless of the level of support, is non-trivial and will likely involve interfacing with the Twig templating engine to ensure that nonce replacement/insertion is handled correctly.
Steps to Implement Solution
Research CSP modules in Symfony and other bundles
Decide on what depth CSP should be implemented in bundle
Linked
#16
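A sketch of the moving parts the issue describes, added here as an example and not taken from this bundle or from NelmioSecurityBundle: one nonce per request, emitted in the Content-Security-Policy header and exposed to Twig. The class names, the `script_nonce()` Twig function and the policy string are assumptions; PHP 8 and Symfony 5.3 or later with default service autoconfiguration are assumed.

```php
<?php
// Added illustration; all class names and script_nonce() are hypothetical.
// Three classes in one file for brevity; a real project would use one file per class.
namespace App\Security;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Contracts\Service\ResetInterface;
use Twig\Extension\AbstractExtension;
use Twig\TwigFunction;

final class CspNonce implements ResetInterface
{
    private ?string $value = null;
    // Lazily create 128 bits from the CSPRNG; the same value serves header and template.
    public function get(): string { return $this->value ??= base64_encode(random_bytes(16)); }
    // Called between requests on long-running workers so a nonce is never reused.
    public function reset(): void { $this->value = null; }
}

final class CspNonceSubscriber implements EventSubscriberInterface
{
    public function __construct(private CspNonce $nonce) {}
    public static function getSubscribedEvents(): array { return [KernelEvents::RESPONSE => 'onResponse']; }
    public function onResponse(ResponseEvent $event): void
    {
        if (!$event->isMainRequest()) { return; } // sub-request responses carry no headers of their own
        // Only <script> elements carrying this request's nonce are allowed to execute.
        $event->getResponse()->headers->set('Content-Security-Policy', sprintf(
            "script-src 'nonce-%s'; object-src 'none'; base-uri 'none'",
            $this->nonce->get()
        ));
    }
}

final class CspNonceExtension extends AbstractExtension
{
    public function __construct(private CspNonce $nonce) {}
    public function getFunctions(): array
    {
        return [new TwigFunction('script_nonce', [$this->nonce, 'get'])];
    }
}
// Template usage: <script nonce="{{ script_nonce() }}"> ... </script>
```

Because the nonce must differ on every response, pages served from an HTTP cache cannot reuse a rendered nonce; that is one reason the depth of support needs deciding up front.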