On 09/11/2017 11:51 AM, Luis Speciale wrote:
> On 11/09/2017 at 11:38, Mitchell Krog Photography wrote:
>> As per the original article from Scott Helme that you initially
>> referred to, you will need to generate a random string yourself.
>> Something like this might help you in the right direction -
>> https://gist.github.com/earthgecko/3089509
>
> I was trying to do this with %{UNIQUE_ID} and %{TIME}, but these
> variables work in the httpd config but they appear literally in the
> content. I need an idea or a suggestion about how to achieve this
> otherwise, and that's what I can't figure out.
>
> Thanks for the answer.

You could alternately use mod_lua as an output filter.

    LuaOutputFilter fixupNonce /path/to/nonce.lua nonce
    # or AddOutputFilterByType
    SetOutputFilter fixupNonce

and then in nonce.lua, you'd have:

    -- gsub callback: stype is the tag name, str is the rest of the opening tag
    function fixNonce(stype, str)
        if str:match("src=") then
            -- external resource: leave the tag unchanged
            return ("<%s%s>"):format(stype, str)
        else
            -- inline script/style: add the nonce attribute
            return ('<%s nonce="%s"%s>'):format(stype, nid, str)
        end
    end

    function nonce(r)
        coroutine.yield()
        -- make a random nonce ID for this session
        nid = r:sha1(math.random(1,99999999) .. r.useragent_ip)
        -- for each bucket, substitute script/style if internal
        while bucket do
            bucket = bucket:gsub("<(script)(%s*.-)>", fixNonce)
            bucket = bucket:gsub("<(style)(%s*.-)>", fixNonce)
            coroutine.yield(bucket)
        end
    end

> Luis
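
The filter above builds its nonce from math.random and does not show the Content-Security-Policy header, which has to carry the same value as the tags. An added example (not part of the original post; the helper names are hypothetical and a Unix-like host with /dev/urandom is assumed) that draws the nonce from the kernel CSPRNG, tags inline script/style elements, and builds the matching header value:

```lua
-- Added example; runs under plain Lua 5.1+ on a Unix-like host (no Apache).
-- new_nonce, add_nonce and csp_header are hypothetical helper names.

-- 16 bytes from the kernel CSPRNG, hex-encoded. math.random is predictable,
-- so hashing its output does not make the nonce unguessable.
local function new_nonce()
  local f = assert(io.open("/dev/urandom", "rb"))
  local raw = f:read(16)
  f:close()
  assert(raw and #raw == 16, "short read from /dev/urandom")
  return (raw:gsub(".", function(c) return ("%02x"):format(c:byte()) end))
end

-- Add nonce="..." to inline <script>/<style> opening tags.
local function add_nonce(html, nonce)
  local function fix(tag, attrs)
    local name, a = tag:lower(), attrs:lower()
    if name ~= "script" and name ~= "style" then return nil end
    -- Skip look-alike names (<script-x>), external scripts, and tags that
    -- already carry a nonce; returning nil keeps the original text.
    if attrs ~= "" and not attrs:find("^%s") then return nil end
    if a:find("%ssrc%s*=") or a:find("%snonce%s*=") then return nil end
    return ('<%s nonce="%s"%s>'):format(tag, nonce, attrs)
  end
  return (html:gsub("<(%a+)([^>]*)>", fix))
end

-- The header must carry the same per-response value as the tags.
local function csp_header(nonce)
  return ("script-src 'nonce-%s'; style-src 'nonce-%s'"):format(nonce, nonce)
end

-- Constructed sample page.
local page = [[
<html><head><style>body { margin: 0 }</style>
<script src="/app.js"></script>
<SCRIPT type="text/javascript">init()</SCRIPT>
</head></html>]]

local nonce = new_nonce()
print("Content-Security-Policy: " .. csp_header(nonce))
print(add_nonce(page, nonce))
```

A new nonce has to be generated for every response; a value that is reused across responses or cached with the page can be copied into injected markup.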