From 945c44b8d29c502086484c9b73af471e20e32b18 Mon Sep 17 00:00:00 2001
From: zero-24
Date: Mon, 14 May 2018 13:13:54 +0200
Subject: [PATCH] encode nonce with base64
---
 plugins/system/httpheaders/httpheaders.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/system/httpheaders/httpheaders.php b/plugins/system/httpheaders/httpheaders.php
index e6ea8f25c03a8..e6e8fe1ccc755 100644
--- a/plugins/system/httpheaders/httpheaders.php
+++ b/plugins/system/httpheaders/httpheaders.php
@@ -131,7 +131,7 @@ private function setDefaultHeader()
 $this->app->setHeader('Referrer-Policy', $referrerpolicy);
 }
- $nonce = bin2hex(random_bytes(64));
+ $nonce = base64_encode(bin2hex(random_bytes(64)));
 JFactory::getApplication()->set('script_nonce', $nonce);
 JFactory::getApplication()->setHeader('Content-Security-Policy', 'default-src \'none\'; style-src \'self\' \'unsafe-inline\' https://fonts.googleapis.com/; script-src \'self\' \'nonce-' . $nonce . '\'; font-src \'self\' https://fonts.gstatic.com; img-src \'self\'; connect-src \'self\'; frame-src \'self\'', true);
 }
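Review bot: The added nonce line encodes the same 64 random bytes twice, `base64_encode(bin2hex(random_bytes(64)))`, so the value in the header grows from 128 to 172 characters with no added entropy; hex digits were already inside the base64 alphabet that CSP's nonce-source grammar accepts. Encoding the raw bytes once is enough: `$nonce = base64_encode(random_bytes(64));`. A short comment above it, such as `// Per-response CSP nonce: must be unpredictable and never reused across responses`, would record why it is generated at this point. If full-page caching can serve this output, the nonce embedded in cached markup would either be replayed or stop matching the header; that is not visible in this hunk and is worth confirming. setDefaultHeader() begins above the hunk, so the rest of its header handling is not reviewed here.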