Releases: wyday/mod_cspnonce

1.4

01 Jan 12:31
  • On failure to generate CSP NONCE force Apache to return a 500 error. This shouldn't happen in the real world, but cover the case anyway.
  • Explicitly use secure PRNG, getentropy(), on Linux, FreeBSD, OpenBSD, and macOS. This requires a "modern" kernel (2015 and newer) and updated OS. But if you're using a security library you've already updated your system, right?

1.3

20 Jul 12:06

Generate 144-bit nonce values (24 character base64 string) to satisfy questionable (likely made-up) W3C guidelines.
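
The 1.3 and 1.4 notes fit together in one routine: 18 bytes from getentropy() encode to exactly 24 base64 characters with no padding, and a failed read produces no nonce at all. The C sketch below is an added example, not mod_cspnonce's source; `csp_nonce_from`, `csp_nonce` and the two `src_*` stubs are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
#include <sys/random.h> /* getentropy(): glibc >= 2.25, macOS; OpenBSD has it in <unistd.h> */

#define NONCE_BYTES 18  /* 144 bits of entropy */
#define NONCE_CHARS 24  /* 18 * 4 / 3: a multiple of 3 bytes needs no '=' padding */

typedef int (*entropy_fn)(void *buf, size_t len); /* same shape as getentropy() */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical helper: fill out with a 24-character nonce drawn from src.
 * Returns 0 on success, -1 on failure; on failure out is the empty string,
 * so a caller can never emit a stale or predictable value. */
int csp_nonce_from(entropy_fn src, char out[NONCE_CHARS + 1])
{
    unsigned char raw[NONCE_BYTES];
    size_t i, o = 0;

    out[0] = '\0';
    if (src(raw, sizeof raw) != 0)
        return -1; /* fail closed: the request handler should answer 500 */

    for (i = 0; i < NONCE_BYTES; i += 3) {
        unsigned long v = ((unsigned long)raw[i] << 16) |
                          ((unsigned long)raw[i + 1] << 8) | raw[i + 2];
        out[o++] = B64[(v >> 18) & 0x3f];
        out[o++] = B64[(v >> 12) & 0x3f];
        out[o++] = B64[(v >> 6) & 0x3f];
        out[o++] = B64[v & 0x3f];
    }
    out[o] = '\0';
    return 0;
}

/* Production path: kernel CSPRNG only, no fallback to random() or rand(). */
int csp_nonce(char out[NONCE_CHARS + 1]) { return csp_nonce_from(getentropy, out); }

/* Constructed entropy sources, used only to exercise both paths. */
int src_counting(void *buf, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) ((unsigned char *)buf)[i] = (unsigned char)i;
    return 0;
}
int src_broken(void *buf, size_t len) { (void)buf; (void)len; return -1; }
```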

1.2.1

29 Jun 11:41

Build fix on macOS & other unix OSes.

1.2

24 Jun 19:41
  1. Use MultiThreadedDLL for Windows builds (smaller binaries, less code duplication).
  2. Don't insert nonce if random number generation fails.

1.1

24 Jun 14:44

apr_generate_random_bytes() does not necessarily generate secure pseudo-random numbers. Documentation is non-existent. Using system-specific methods instead (BCryptGenRandom() on Windows, random() on POSIX).

1.0

24 Jun 11:41

The first (and only?) version of mod_cspnonce. It's an exceedingly simple Apache 2.4 module (view the source and see for yourself). Included are builds for Windows x86 / x64, but this module can be built for any platform or architecture.

If you're using our pre-built versions, we recommend using them with the Apache Lounge builds of the Apache Server.