Le 11/09/2017 à 12:02, Daniel Gruno a écrit :
On 09/11/2017 11:51 AM, Luis Speciale wrote:Le 11/09/2017 à 11:38, Mitchell Krog Photography a écrit :As per the original article from Scott Helme that you intially referred to, you will need to generate a random string yourself. Something like this might help you in the right direction - https://gist.github.com/earthgecko/3089509I was trying to do this with %{UNIQUE_ID} and %{TIME}, but this variables works in the httpd config but they appear litterally in the content. I need an idea or a suggestion about how achieve this otherwise, and that's what I can't figure how. Thanks for the answer.You could alternately use mod_lua as an output filter. LuaOutputFilter fixupNonce /path/to/nonce.lua nonce SetOutputFilter fixupNonce # or AddOutputFilterByType and then in nonce.lua, you'd have: function fixNonce(stype, str) if str:match("src=") then return ("<%s%s>"):format(stype, str) else return ("<%s nonce-%s %s>"):format(stype, nid, str) end end function nonce(r) coroutine.yield() -- make a random nonce ID for this session nid = r:sha1(math.random(1,99999999) .. r.useragent_ip) -- for each bucket, substitute script/style if internal while bucket do bucket = bucket:gsub("<(script)(%s*.-)>", fixNonce) bucket = bucket:gsub("<(style)(%s*.-)>", fixNonce) coroutine.yield(bucket) end end
I'm going to try this today and I will tell you what happens, thanks!!!!! Luis --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|