From: Luis Speciale
Reply-To: lspeciale@gmail.com
To: users@httpd.apache.org
Date: Thu, 7 Sep 2017 20:54:07 +0200
Subject: Re: [users@httpd] CSP nonces in apache

On 07/09/2017 at 20:36, Daniel Gruno wrote:
> On 09/07/2017 08:30 PM, Luis Speciale wrote:
>> On 07/09/2017 at 19:53, Daniel Gruno wrote:
>>
>> Thank you for your answer.
>>
>>> Quick spot-check says you should probably change '.)*)' to ').*)'
>>
>> I tried this but it doesn't seem to work.
>>
>>> Also, the env vars need to be ${}'ed.
>>
>> Ok, I got it.
>>
>>> Assuming you want to inject nonce-foo into all non-external scripts, I
>>> would shorten it to something like:
>>>
>>> s|<(style|script)\s*((?!src=).*)>|<$1 nonce-${numbnonce} $2>|
>>
>> When I do like you said, I have an error
>> Bad Substitute flag, only s///[infq] are supported
>> I imagine it's because of the extra pipe.
>> But even without it
>> Substitute "s|<(style)\s*((?!src=).*)>|<$1 nonce-${numbnonce} $2>|i"
>> I have no substitution at all.
>
> Try:
>
> Substitute "s/<(style|script)((?!\s*src=).*)>/<$1 nonce-${numbnonce} $2>/i"

Now it substitutes
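
Added example, not part of the original thread and not Apache code: a Python model of the two expressions discussed above, showing why the "|"-delimited form trips the flag check and which tags the final pattern does and does not touch when applied line by line. The parser is a simplified assumption (cut at the first three delimiters), the nonce value and sample lines are constructed, and Python's re stands in for the server's regex engine.

```python
import re

# Final expression from the thread, copied verbatim.
FINAL = r's/<(style|script)((?!\s*src=).*)>/<$1 nonce-${numbnonce} $2>/i'
# Earlier attempt that used "|" both as delimiter and as regex alternation.
PIPED = r's|<(style|script)\s*((?!src=).*)>|<$1 nonce-${numbnonce} $2>|'

def split_s_expr(expr):
    """Simplified model of an s<d>pattern<d>replacement<d>flags parser:
    cut at the first three delimiters, with no escape handling."""
    delim = expr[1]
    pattern, replacement, flags = expr[2:].split(delim, 2)
    return pattern, replacement, flags

def flags_ok(flags):
    # The error text quoted in the thread names the accepted flag letters.
    return all(c in "infq" for c in flags)

PATTERN = re.compile(split_s_expr(FINAL)[0], re.IGNORECASE)

def inject(line, nonce="CONSTRUCTED"):
    """Apply the final substitution to one line; nonce stands in for ${numbnonce}."""
    return PATTERN.sub(
        lambda m: f"<{m.group(1)} nonce-{nonce} {m.group(2)}>", line)

# Constructed sample lines, one per behaviour worth checking.
SAMPLES = [
    '<script>init()</script>',                               # inline: tagged
    '<script src="a.js"></script>',                          # src first: skipped
    '<script type="text/javascript" src="a.js"></script>',   # src not first: tagged
    '<style>p{}</style><script>x()</script>',                # greedy .*: one match
]

if __name__ == "__main__":
    print(split_s_expr(PIPED))
    for s in SAMPLES:
        print(inject(s))
```

The last two samples are the cases to check in real output: the lookahead only inspects what directly follows the tag name, and the greedy .* consumes the rest of the line, so a second tag on the same line is left untagged. The replacement text is kept as posted; browsers compare a nonce="..." attribute on the element with the 'nonce-...' source in the CSP header.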