Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failing of random generator may slip through #10

Closed
dirkx opened this issue Dec 21, 2021 · 3 comments
Closed

Failing of random generator may slip through #10

dirkx opened this issue Dec 21, 2021 · 3 comments

Comments

@dirkx
Copy link

dirkx commented Dec 21, 2021

No description provided.

dirkx added a commit to dirkx/mod_cspnonce that referenced this issue Dec 21, 2021
@dirkx
Make a failing random generator a major thing, may fix wyday#10
667e943
dirkx added a commit to dirkx/mod_cspnonce that referenced this issue Dec 21, 2021
@dirkx
Also check for a late runtime error. Part of wyday#10
65dbb7d
@wyattoday
Copy link
Member

We're not going to use the APR RNG (the method we've chosen uses a secure PRNG on every platform).

But thrown returning an error on failure to generate a CSP is a good idea. Please separate it from the rest of your changes and make that 1 or 2 line PR and we'll merge it.

@wyattoday
Copy link
Member

Thanks, we just committed the change to return 500 on a failure to generate the CSP nonce: 886e283

@dirkx
Copy link
Author

dirkx commented Dec 22, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dirkx @wyattoday