October 13, 2016 Javier Eguiluz

Made the toolbar compatible with Content Security Policy¶ Contributed by

Romain Neutron

in #18568. The new Content Security Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. If your application defines such a policy, the script-src or style-src directives could disallow unsafe inlines, which would prevent the loading of the web debug toolbar. In Symfony 3.2 we made the web debug toolbar compatible with those kind of Content Security Policies. Internally this change required massive code updates, but for developers it will be completely transparent and it won't require any change in their applications.

Used VarDumper in the profiler¶ Contributed by

Wouter De Jong and Nicolas Grekas

in #19614. The Symfony profiler displays the contents of lots of variables. The dumping of those contents is made in the profiler itself and is challenging for variables that are complex arrays or objects. In Symfony 3.2 we decided to use the VarDumper component to dump the contents of all variables. This will make the information easier to understand thanks to the new syntax highlighting and the toggles to reveal/collapse long contents:

Added support for window.fetch calls¶ Contributed by

Ivo Bathke

in #19576. The Fetch JavaScript API provides an interface for fetching resources in a similar fashion to XMLHttpRequest/Ajax. However, the new API provides a more powerful and flexible feature set and that's why lots of developers are replacing Ajax with it. The web debug toolbar includes a panel with the profiles of the requests made via Ajax. In Symfony 3.2, this panel will also display the requests made with the new fetch API.