wyDay blog  |  Downloads  |  Buy
Support forum
wyDay blog
wyDay Home

mod_cspnonce: Apache does not recognize %{CSP_NONCE}Answered


Here's my config:

<IfModule headers_module>
    Header set Content-Security-Policy “default-src 'self'; img-src 'self' https: data:; script-src 'nonce-%{CSP_NONCE}' 'unsafe-eval'; style-src 'nonce-%{CSP_NONCE}'; style-src-attr 'unsafe-inline'; style-src-elem 'self';”

I get a syntax error from Apache. It doesn't like the % sign.

I also tried with $ instead of %. No syntax error, but ${CSP_NONCE} is not replaced by a nonce.

Sep 21permalink
Sep 22permalink