Jump to content
Welcome to our new Citrix community!

Policy object to generate sha256 hash

Recommended Posts

Hi David,

i don´t think there is any predefined policy object for this, but i am sure you can build something to solve your problem. This is just an idea and maybe it gives you an hint.


You need to find your script/scripts with an expression and I think you need to know before how many scripts this will be. The problem is maybe not to find all the scripts, but to create their hashes and to dynamically build a content security policy with all the values.


There is a function to create the sha256 hashes of your scripts. To test this, i created an Advanced Expression, built a responder action/policy and bound it to a virtual server to see what happens.


Advanced Expression with a script example:

1. Name: AE_CreateSHA256

2. Expression: "doSomething();"


Responder Action which calls the Advanced Expression, creates an hash of the example script and encodes this to B64:

1. Name: act_rsp_Content-Security-Policy


3. Header-Name: Content-Security-Policy

4. Expression: "default-src 'none';" + " script-src 'self'" + " 'sha256-"+AE_CreateSHA256.DIGEST(SHA256).B64ENCODE+"'"


This returns a Content-Security-Policy with the value: default-src 'none'; script-src 'self' 'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='


I used https://report-uri.com/home/hash to proof that this hash is correctly calculated: 'sha256-RFWPLDbv2BY+rCkDzsE+0fr8ylGr2R2faWMhq4lfEQc='


So generally i think you can challenge this. Maybe others do have some good ideas too and can help to solve this.


I would appreciate if you update this thread with your solution!


Best regards,


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...