bug #36315 [WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler (ampaze)

This PR was merged into the 3.4 branch.

Discussion
----------

[WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License       | MIT

If a `style-src-elem` or `script-src-elem` Content Security Policy exists, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.

Commits
-------

7f33f1f Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
fabpot committed Apr 4, 2020
2 parents 21a6ab0 + 7f33f1f commit 004f1f3
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -128,7 +128,7 @@ private function updateCspHeaders(Response $response, array $nonces = [])
$headers = $this->getCspHeaders($response);

foreach ($headers as $header => $directives) {
foreach (['script-src' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce'] as $type => $tokenName) {
foreach (['script-src' => 'csp_script_nonce', 'script-src-elem' => 'csp_script_nonce', 'style-src' => 'csp_style_nonce', 'style-src-elem' => 'csp_style_nonce'] as $type => $tokenName) {
if ($this->authorizesInline($directives, $type)) {
continue;
}
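
Review bot: the added 'script-src-elem' and 'style-src-elem' entries in the foreach map run through the same loop body as 'script-src' and 'style-src', and the only guard visible here is the authorizesInline() skip, so it is worth confirming that a header which does not define an -elem directive is left without one. Browsers fall back from script-src-elem to script-src (and from style-src-elem to style-src) only when the -elem directive is absent, so creating it with just the profiler nonce would narrow the site's policy for its own scripts and styles. The commit changes a single line in one file; a test for a policy that sets script-src but no script-src-elem, and one for a policy that sets script-src-elem, would pin both cases down.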