Only set X-Profiler header if CSRF header would also be set

FriendsOfShopware / FroshProfiler

This plugin allows you to profile your Shopware 5 application

MIT License

159 stars 41 forks source link

Only set X-Profiler header if CSRF header would also be set #126

Closed mjossdev closed 2 years ago

mjossdev commented 2 years ago

On cross origin requests the X-Profiler header can cause problems, if Access-Control-Allow-Headers is used by the server. This solution is adapted from the CSRF protection.

shyim commented 2 years ago

Thanks! 💙