From 99b25fb293ac66acbd23510b8b2f6ef86d858542 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 28 Aug 2022 18:40:16 +0200
Subject: [PATCH] Disable content security policy in development env, as
 symfony profiler uses a lot of inline js

---
 config/packages/nelmio_security.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml
index 24e0a50d..d97b3983 100644
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -58,3 +58,9 @@ nelmio_security:
                 - 'data:'
             block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport
             # upgrade-insecure-requests: true # defaults to false, upgrades HTTP requests to HTTPS transport
+
+when@dev:
+    # disables the Content-Security-Policy header
+    nelmio_security:
+        csp:
+            enabled: false
\ No newline at end of file