wyday / mod_cspnonce
Apache2 module that makes it dead simple to add "nonce" values to the CSP (content security policy) headers
License: Apache License 2.0
I have an old system running Apache 2.2.29 (Win64) on Windows Server 2012. The pre-compiled module causes an error while starting Apache. The message reads:
httpd: Syntax error on line 508 of D:/Apache/conf/httpd.conf: API module structure 'cspnonce_module' in file D:/Apache/modules/mod_cspnonce.so is garbled - expected signature 41503232 but saw 41503234 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?
What should I do? If I have to compile it myself, are there any options I need to change?
Regards,
Gary
Hello,
I just installed mod_cspnonce 1.14 on Ubuntu Server 16.04.07 LTS with Apache 2.14.18, and apparently the cspnonce module cannot generate the nonce and makes Apache return error 500. How can I solve this?
Thank you.
Hi, is it possible to increase the nonce size?
This validator: https://cspvalidator.org/ says that the CSP specification recommends a nonce of 128 bits (before encryption).
Hi,
The module always works fantastically for our main.domain, but now we have deployed an admin panel on admin.main.domain, and in the HTML response it loads ...<script src="/js/app.bec01de2.js" nonce=""></script>.... instead of, for example, nonce=nonce-3uR3CIhP/fWxT3n/Tefw35rO, which I can see in the header. Any idea what might be causing this strange behaviour?
Apache/2.4.54 (Ubuntu 22.04)
CSP deployed in main apache.conf file
Hi,
We are using Apache 2.4 and have apxs installed.
Upon compilation, we are seeing errors with TIME_UTC. Looking online, it seems there have been some issues with this and macOS, but we are using RedHat, so I would assume we wouldn't have issues with time.h.
Please see the error from the command line.
I am getting a null value for the CSP nonce. Is there any particular reason for that?
httpd version - Apache/2.4.6 (CentOS)
kernel version - 5.4.168-1.el7.elrepo.x86_64
os name and its version - CentOS Linux 7 (Core)
Hi there!
Thanks for this project, looks really nice.
I'm having issues building this module, I'm using XAMPP on macOS, so I run:
/Applications/XAMPP/xamppfiles/bin/apxs -ci /my/path/to/mod_cspnonce.c
And it returns some errors and warnings:
/my/path/to/mod_cspnonce.c:83:9: error:
redefinition of 'r' with a different type: 'int' vs 'const request_rec *' (aka
'const struct request_rec *')
int r;
^
/my/path/to/mod_cspnonce.c:51:52: note: previous
definition is here
const char * GenSecureCSPNonce(const request_rec * r)
^
/my/path/to/mod_cspnonce.c:86:9: warning: implicit
declaration of function 'timespec_get' is invalid in C99
[-Wimplicit-function-declaration]
if (timespec_get(&ts, TIME_UTC) == 0)
^
/my/path/to/mod_cspnonce.c:86:27: error: use of
undeclared identifier 'TIME_UTC'
if (timespec_get(&ts, TIME_UTC) == 0)
^
/my/path/to/mod_cspnonce.c:94:7: warning:
incompatible integer to pointer conversion assigning to 'const request_rec *'
(aka 'const struct request_rec *') from 'long' [-Wint-conversion]
r = random();
^ ~~~~~~~~
/my/path/to/mod_cspnonce.c:98:7: warning:
incompatible integer to pointer conversion assigning to 'const request_rec *'
(aka 'const struct request_rec *') from 'long' [-Wint-conversion]
r = random();
^ ~~~~~~~~
/my/path/to/mod_cspnonce.c:103:7: warning:
incompatible integer to pointer conversion assigning to 'const request_rec *'
(aka 'const struct request_rec *') from 'long' [-Wint-conversion]
r = random();
^ ~~~~~~~~
4 warnings and 2 errors generated.
apxs:Error: Command failed with rc=65536
Is there anything I'm missing here?
Hope this could be solved soon, and thanks again for this module!
I'm having some issues enabling this within Plesk Obsidian running on Ubuntu 22.04.1 LTS. The option under Apache modules is there after compiling, but when enabling it I get an error that I can't find any info on anywhere on the internet. I'd really appreciate any tips on getting it working.
I get this error: Error: START httpd_modules_ctl --enable cspnonce -e Load file /etc/apache2/mods-available/cspnonce.load for a2enmod not found resource(s) deleted
I can see that the .so file is copied over but within /etc/apache2/mods-available/ there's no cspnonce.load, what could I have done wrong?
EDIT: If anyone else is new to this like me and having the same problem I figured it out an hour or so later, I just created a new file once I knew how the other apache modules looked. Using nano, just create a new file called cspnonce.load and paste LoadModule cspnonce_module /usr/lib/apache2/modules/mod_cspnonce.so
and voila, it will work!
Hello,
I'm using Laragon with PHP 7.4 and Apache 2.4.35 (VS15), but your latest library for Windows is VS16. Is there any version that matches my Apache? Thank you!
Hi,
As documented, I built the module using Visual Studio. When I included the generated mod_cspnonce.so file, the Apache service didn't start. Any guess what went wrong?
Apache Version: 2.4.35
Wamp Version: 3.1.4
Regards
Ankit
Ideally, a cryptographic random generator should be used, especially in a multi-homed setup.
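Added example (not part of the issues above and not mod_cspnonce's own code): one way to produce a nonce with the properties raised in the nonce-size and random-generator issues, 16 bytes (128 bits) read from the kernel CSPRNG and then base64-encoded. The function names and the use of /dev/urandom are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example; names are illustrative, not mod_cspnonce's API. */
#define NONCE_BYTES 16              /* 128 bits of entropy before encoding */
#define NONCE_B64_LEN 24            /* 4 * ceil(16 / 3) characters */

/* Standard base64 (RFC 4648) with '=' padding; out needs 4*ceil(n/3)+1 bytes. */
static void b64_encode(const unsigned char *in, size_t n, char *out)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;
    for (i = 0; i < n; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < n) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
}

/* Fill out (>= NONCE_B64_LEN + 1 bytes) with a fresh nonce. Returns 0, or -1
 * if the CSPRNG cannot be read; never fall back to rand()/random() then. */
int gen_csp_nonce(char *out, size_t out_len)
{
    unsigned char raw[NONCE_BYTES];
    FILE *f;
    size_t got;
    if (out == NULL || out_len < NONCE_B64_LEN + 1) return -1;
    f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw) return -1;   /* short read: fail closed */
    b64_encode(raw, sizeof raw, out);
    return 0;
}

int main(void)
{
    char nonce[NONCE_B64_LEN + 1];
    if (gen_csp_nonce(nonce, sizeof nonce) != 0) return 1;
    printf("Content-Security-Policy: script-src 'nonce-%s'\n", nonce);
    return 0;
}
```

The same value has to appear in both the header and the `nonce` attribute of each allowed script tag, and it must be regenerated for every response.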