We have found that the module is causing some extraneous characters printed in the html. It happens only with LoadModule configured. Meaning, when CSRF_Enable is off, this sill happens. In short, the top gets a few characters followed by 4 or 5 new lines and the bottom gets 4 or 5 new lines and a 0 then another few newlines. It happens with any file. A file with just "hello" gets turned into:
Let me first make a correction. The guy I was working with didn't realize the default was enabled and he thought that by omitting CSRF_Enabled it would disable it. So, CSRF_Enabled off does not manifest the issue. Further to that, we think it may be an issue with cent httpd because the fedora httpd doesn't seem to have the issue either.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
mod_csrf forces Apache to used chunked encoding by default (as the module is going to inject additional data to the HTML page). Those "few characters" tells the browser how many bytes it will receive next.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
We have found that the module is causing some extraneous characters printed in the html. It happens only with LoadModule configured. Meaning, when CSRF_Enable is off, this sill happens. In short, the top gets a few characters followed by 4 or 5 new lines and the bottom gets 4 or 5 new lines and a 0 then another few newlines. It happens with any file. A file with just "hello" gets turned into:
1
h
0
Below is a copy from some html. Any thoughts?
<body>
"5e2
"
...
<script type="text/javascript"> csrfInsert("csrfpId", "7p9qWqQSGYwbUH-XiQMznuANe3CXAkWVPvQ8VxccWISD-FF5wQ16hsrAGQ808T5x"); </script>"
0
"
Also, the version is 0.5 for mod_csrf and httpd-2.2.15-29.0.1.el6_4.x86_64 on a cent6 box.
Last edit: Hojo 2014-07-08
Let me first make a correction. The guy I was working with didn't realize the default was enabled and he thought that by omitting CSRF_Enabled it would disable it. So, CSRF_Enabled off does not manifest the issue. Further to that, we think it may be an issue with cent httpd because the fedora httpd doesn't seem to have the issue either.
mod_csrf forces Apache to used chunked encoding by default (as the module is going to inject additional data to the HTML page). Those "few characters" tells the browser how many bytes it will receive next.