I have http_sub_module installed, but the 'sub_filter' line is not working. I'm trying to use it for a dynamic nonce for CSP as per these instructions, replacing some text in script tags with the variable set in a conf file. The nonce is showing up in the CSP header, but not in the script tag, it just shows the text that needs to be replaced. I have gzip on and added the proxy_set_header Accept-Encoding ""; line. Could this be a permissions/ownership issue regarding the PHP files and/or website directories?
The server block has this configuration in it:
proxy_set_header Accept-Encoding "";
set_secure_random_alphanum $HTcspNonce 32;
sub_filter_once off;
sub_filter_types *;
sub_filter **CSP_NONCE** $HTcspNonce;
The scripts have nonce="**CSP_NONCE**" in the <script> tag.
Thanks for any help!
Turns out, I had
zlib.output_compression = Onin php.ini, which was interfering. It's not needed, since I have gzip on in nginx.