Services web et politiques de sécurité

Exercice 1 — Manipulation des politiques de sécurité #

1. Créer un script PHP qui affiche une page HTML ayant les caractéristiques suivantes :
   • appel du script à l'URL https://ensweb.users.info.unicaen.fr/tp/csp/enonce/script-distant.js
   • appel d'un script dans un fichier local au serveur (via <script src="…)
   • appel d'un script inline
   • utilisation d'un capteur d'événement sur un élément via un de ses attributs onevent (par exemple onclick)
   • du JavaScript à la place de l'URL dans un lien, avec le pseudo-protocole javascript:
   • appel de la feuille de style à l'URL https://ensweb.users.info.unicaen.fr/tp/csp/enonce/css-distant.css
   • appel d'une feuille de style locale au serveur (via <link rel="stylesheet" href="…)
   • des règles CSS déclarées dans un élément <style></style> dans l'en-tête
   • des propriétés CSS ajoutées à un élément via son attribut style
   • la page doit afficher l'image à l'URL : https://ensweb.users.info.unicaen.fr/tp/csp/enonce/image-distante.jpg
   • la page doit afficher une image locale au serveur
   • la page doit afficher une image avec comme source la data-URL suivante :

     data:image/jpeg;base64,
     /9j/4AAQSkZJRgABAQAAAQABAAD//gA7Q1JFQVRPUjogZ2QtanBlZyB2MS4wICh1c2luZyBJSkcg
     SlBFRyB2NjIpLCBxdWFsaXR5ID0gOTAK/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwK
     DAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0LDRQU
     FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU/8AAEQgAlgDh
     AwEiAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//EALUQAAIBAwMCBAMF
     BQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkq
     NDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqi
     o6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/E
     AB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMR
     BAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVG
     R0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKz
     tLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/aAAwDAQACEQMRAD8A
     +W9L8epb2kli6sWBKgu/KHpkVcvb1bZQx1BJW2bl2vkj2rzPxIqafrE8Ss29HPJPWn2F8lyywsxj
     Y8l5DxXwnsFza6n9XQzOcFa6Vt/M9f8ACvgzX/iVfkWuCoAZ7iRvkUdOf8K7XVPgZryWyjS9Tt9W
     lgHMEeYyvrjdwfzFek/B/wAJJ4N8KKltI9zIEWW9fPOWAwB9Dx+Na2jrHEtybub7CsVwd4yTu/uq
     cfWrlQhonudNHF15qVSDXKtlb+mch8Hfh1d+GdTuNS8QLcQ3qoY47UnlQcfvMjP0GPevRo50S7a6
     tomIQbZFLZYDIO8HuR6YrhrvV799UWbT7t5SitHOHB24JOMeuBWnY6tqV/pTadcrtnkYJBLbJtJG
     fmzn2zWSaWm35HXLDv8AiVJJt7ry9Db0nxJc6g+oxSztcyRzkwxfxEDuF69Oa1tQ8VzPpUkNkwbc
     gZCeqtjgis7UNLsbjSRBtNvOqnyLtTtkjYDjkdR2IrkdN8WaXc6XFFKsayq226gc4b5TjI9+K6oR
     lC0Zs8ipiKNWEuWk2r7dv6t95yHxtujCbPxHbWYiv4Qv2xIx8l0v8MmP7wPB/CvP9Y+Iz3guDqlu
     Vs5olxGTj5vSvUPH+v2mr+FLvSrORPtlvudJE+Ykr0z6cV8o2WqrFqkgvHNxJHL8yyc7R3raVPml
     eJ8rGq8NVj7RO3T/AIB9HeAmml0axtILho1ukYq4bgDoFJ78mts2Gu6VeppkWokiYmWSEZAXGMn8
     TXk/hma3eWRdPvywCFo0zjpyQPpXp2maRNdQrqMGr/aL8x+WyM20jPYZrmnSf2Lo+5wuK9vBOck7
     dGvuZKf7S07ULuSK1iZ2XAaEfIq45HsePxqrcajrGtrFcvYrMtiAeVOMZ4z61ymrXvifS9TFpBbN
     M0pA3B/lJOSB6Z4NUNZ8W61pV1cxXs09u54lTJy3tjvWSje6aaX6m1avKEk4uLkutztb3xLd3lnD
     Zw2K2itMzebFnMnT+X9awdf8WXelaVJB++HlLIFkLBi2/jJ/EVmaN4ovLTRxPbxhYpAySSMOVy2c
     5PQdOnpXK61rn9sXr2odhbHaHP8AFtzyQPqacYKUFUle6PNxOJjCfs1a1/XXqdf8Kr6KwLslysMr
     EmS6kXcd391RXpGnyxTyl7m+lu7HaX8uTmRm5+b2Fef+D/D0Vrp0cCiMwSMZI7kElgenH+GK9N8P
     aZp1lp1zaBnvppWDs7rtKqBjA+pquRcqtoc+rlKonqyDxAIP7CFjczG3ZVWWLyhndu55/CuO3NYR
     ebbTySBvkYhiMDtXearNaajaXYWycKgCqhf5SwHABPQ1xI8PtFbyx3UkkbsBtSL5hnOcEjpWMlJR
     XNqz3sNa3vaXMa6sbe/LQ3MoiEik7iM8gcV4/r3geLTvEulPZx+dNLcpuC+m6vd9Y0e80y0Vzau0
     DbVebGQWz90H2/pXGfEPTn06007VLchbmJ/NjcoB8ucYbHeqpSlFaLRnl5jQoV+So38PX0PopfGU
     trII9IlhZobdfN8x1QIoGOp6muA1LxCmoapaXOpWy6nDdNsVY5AFByBk46EZFeZWXiZ9YtRPapuN
     xEIp+5Uj09+tb/hbw9FeXC28M85kgUTGJ8YQ/wAWPfisZyqylypM+mX1b2ftudKP4tf8OaOrXFl4
     S8R3NvOJk0S6jJ/dr+8ZgMhM9huA/Cuh8KXNt/whET24IvbZ/NmPJAz0P0zWXrKT6lFDLczRXRRv
     s6IYgGCqMkn1OKltJrdF8q0lt4/MBEkTLtfjnFKMZ+0djSNSkqMefd79nbT8UaOm+NUk1a9uH08P
     5iAMvQA46isk3upaf4ghMUNwsd1Hwoj3KVJwf5Vu6S3h/fZ/aLqUSSsRMAMBOeDR4l1K38Ka3Zy6
     eI7y0Zm2OvJ3f/Xrs5JuKcpbHBUVOm5ezp6tddtDS+w2X92f/vk/4UVj/wDCxLn/AJ85/wDviiq9
     mv8An6zwv3v8n4nyVdWUmoXE8t2zrMUDRYXPmN6Z7VLpGktFrNh9rjIgMyBueMbhmvck0WwtoYoJ
     ILBbhl3AMV4J9c9K87u9BvbGe6u76MbN7IFBBUY7jH869B0o6I+QdSvFuT2b6n1l4LWCS1l1CYyF
     Z4zhGO1UwOcc4PIq1M1rq2nJcI5t7pVWbzY8LnHIJHc/WvLdK8dKPCNnJApuYpPLj8uNuc8Kw9jW
     /drf2mm2dpb27RW27y0uXO4gE9Hx6fTtXPKNnrG59Bhak6kYtz5W2kvRI0DrUmhRahYSGOe8Z/NE
     gG5nDcg/rS2dxfeJLiG38gww2hEbOQVbcTkcVQ8M+HLCK2uL/W5vtE7vtR1PygAnp6VW1nxF9gN1
     LY6l50k5WeVHOHDDjIPfIAOOtc7k4xjz/D2PoU6cqk/ZfH/M9r9f1NXxlHqeheftvZzEANkLgtuk
     Jxwew61grrOm/wBmC2uoyt7CDkXCYZvfPeqx8Wu2o241pmuYoAJg0TkozMAQCe+AT+NZ3inxDbeI
     NYtbiINZ2yXCiOYrnbg569+O1axcdWvuZ59aE3ywmttbr+tSe/ubB/IjgmS4+0wtEQOGyMjnH05r
     5f8AHOkto/jK46xwztvVs8dcEfpX1BrFxpt5e/ZoYopH4xKiBWbJ55Ar5r+NdgyeIbJ4i4jctGsX
     JIYHt65yK7KMbLlZ+f5pLkiqivpZ6+p0OhS6f/YYVZGivI3Pzhj9012vh3xTbJAA2oFpFGXGMZxw
     Pxry/wCFHg/WPF3ibQbKS2u00i/1SHTpryNOYizLkHrtO05BIwcHrg19B6r+yb4g0Txnc2kEDX+j
     SJKbS9ixlnEUjqki5+XJjC56ZdcZrzMZisNh5ctaaTtf5Lf/AIYvDcR4XCzUZVLXV7adDzPUfESa
     nqsEcF88B83duduOT3pbm7k0/VJFEp1K4iYN9olk8xR75r2jw7+yhp/jPwx4V1UxXeiXc8af2haT
     FlyBIRI3zcq+3oOhI6CtPX/2Mp5tB0zTdOvYP7Qh1CSS5uypBe1c4XPPJXYpx/ttXhriHLKVX2U6
     qUr28lv8un4nJi+KsvlNxhJ7tO61ur/hofL+seM2vEe2mlcS7mwkX3WJPPToK3vh7pTtqTzXcAvZ
     pU27txCQqcYx6mve/H37HtveeN7TVfDoRLHUJhFPZrEBHaERlt4wRhWK4I7E8ZziuJk8I654VtIQ
     +neTYanO8SEj5leM4IB7DJ/HB9K9qhmGFxEU6Urt626q9/8AJnTk+aUc35Zxlr0T0tv+Oj+43rTS
     Ps2iWhtLszSwFvldcLncCADXQ31wILGK6tR5ereVukjA/dHknA9sGuYstbubL7Vot1ZS/bICyKAv
     zrIGGQQOwxRP40v7bUjpjaa5lNq8HllMt8wGG6VfNCXXT9T9Gpc94OEU7+mq/wAjtNBS41fw/wCX
     eXEFtPLO06p5ZyOBjJHQVU0Q3Oqa/rMUdhLGLWEtGzsNokx+ueoxWV/wmdvobwW995kM8LBZY2GD
     t64/Ku08OX1vc6JZyNIsb3czOATyATlc/hiqjytJJ3OqMXVcuaPu9P6+Rz2mWshnuc228RKbl4ZS
     GKc9Sp6V5z41u4H0R5PPB+0u6fZ88gGvTviLps0+o293pjOLyM+VI8S53RkHIb8u9ebeJoYXW1Rh
     C3mgyRIoBwwyB0rpgvspHkZhTtrOWj1X3HlvgvxBDpt2torJhVLyA8kNuI/lj869ev8AxvbWk4uL
     B1V1jjLhRyxxXgHj20l8P6mdRt1WKeNtkq/wtilsfGMN1ZpOXZZX+UgdFP1rWVNxWh8rhcTSVR0q
     r2/FHr2sePTdxRgWoBSXcH3EZJPt7VnSRteXf2h7krGSCXiIIGf1rl7jXbdbayjusmQQ7hKvcEnr
     68YrHGsxQ3Y8uR1UKSMng1wuim3KWtz6inmMVbkdku57HbiCFTFcahG8wJ2nJXaB057+tUm1uD7b
     axRwT3lzBKXEcY3gnsVx16Vx3gvTJ/HV2DJNLa26FVeQIWLk8BUJ4z9elfQ3hb4X6B4bcXUnmxXy
     QCJWEp4Y8ljjufb9K3VJWvaxdTNKtSLhT9/9PmYX/Cf67/0KVz/37FFdV/YMv/PWy/7/AMv+FFHs
     I/1Y8X2lf/n0vvZ5HoWjfaNdvBdAr5Ue5VmxuxxnrVLx3o93e31tYQEhJovMJj6ovPWun1LRbHW5
     glhewxyeds8oMdxX1UgVd1HQZNL3COSSW+hjysjNkgAe/b2pwk9Yr7z069FSkpt6taJo8k0rWn8B
     SNbSuktrHKsu5o8kHPJIr3HxH4okfS0jskecSYmgdDnIxnGB+GK8l8Q6A3iDRIZZVH2osyPIkYCs
     vYk+tcj4Q8X3Gn+JrDQ9YLfZ7dtlvcBsOnHAPqM1tfmXu9TxXfC1Iursn9z/AOCe7abef2t4Tka9
     vDbTuxkCCIDJ9DjBzmorq90fRpjcQxQzhrMIDkkCTGHOD0PIOPesfxhr9mlolvEDHCzEu6r84YjO
     78Tmuf8ADd9pVzaTreW89+0chkSCOXZvwpGSce+SO+PauWUVBxUbKx71Ou5Up1JX5X0Oi1Lx9Z+J
     NLs9OFjFA8Q8t50GNx6ZNaF5ceHE046dbRmVHBJcsT8w/i9q86t7q11F4Ugmi04xszM8gZhL7ZA7
     Yqpe39tHYyvFcMJlJ3H+Fl7gfrUXk220mKc6UYKMJNa3Om0Pwtqet29oummS51JmMieWMKo/2mPA
     H19a9I0v9l+LVJbK/wDEuozWeqWcq3FpcaRcFXikzk7spjghSCpHOa8X8NfGHxNZQJp/hrWbu1tC
     5Kov+qQnqcEEZr2vwH+0D4ykuxYapJHq/lIIzcQRr5m4/wARwNpOOOn4V4uY0c2qRtgpRhH72/v0
     XpZn5hnkc1x7dPCyhy/j+VreR9J2iWttawwtsuLhYkEkrQBBKw53YGcHPP16Vca9eeEhJQGxkDdg
     nFJqqSG1gnukRFljUjKkOvHTOOvasN7PbcCSCVXI5+YgbPbHpX4a4Td/aSb3+Xy2Xy0PxSpdVHFn
     QPe+bDtlLGQgZcvxT4ZZJbvLgg7eG7YrKErrNz5fmY+UsTtB9/8APerltdNJlDPCZBwWjftWH9l3
     g7OzvsNTRsWata6kgQgxscnnpU2q+HrDX0zfWy3BhlWSAsoOwqR04/D6Vm/a9pjZZXbAyC3fHWug
     0e7MsEnmDndkZ7jvXqYOnVhUjaTUlbVfijSnUdOXNTdn5Hkfjz4Uf8JHbG7sIoYL2OdxNOeMxbTj
     P945AA/wr5uXxOdEvpmvIHgujbISJ+GAOSpHsQVNfdVtLEJZBswqMzksf0r5W/at+EmpahNB4n0l
     oEhW2EFzHIdm3DsUOf8AgWPwr9IyjNazmsHUa1+H1/4PQ/U+Cc+9jWhgcU7wtZNvbsvR7LtY8v1z
     VLHxTYCaaTN3K4QSdDkkfmOtWXvZtPgsoPO8yN8RxTLxgjrmvI9Q8P69o+nW8xuYpDgSeUrcjJwC
     OxrEv/GWo6TZtFdyykqAYgnYk8819p7HmVpR1P295tTpSUk7QW+h9NW/jTTdItLlJr0m7VMK4bqc
     cnnrXlGpTrb2a6u8rK1zIRGwwAr55IHoK8ok8VtPErRM7zEc7ucVvtqV7qWjW1xc/utOtW2xqeC7
     E84Hf61vQ55P3laxxZlmFCUP3UrtvV+VtkQ+Pbkz6e1rcqryzFpTKy4ZsZwa8q0zUWtCQu1kbhlY
     ZFdB431WaV5DLKzSOSsa54VfSuX0q0M86qeea9eMPdPybF4i+JtE7PTby61jDkrHHBCF2qOoHTHv
     XeeBPBdj4huob55rhooxl7WZP9aR1AYdvbH51l/DTw3Nca3b272C3tvO4j+f7qjqST1GACeOeK+k
     fDunxeDLlsIkOniEbFiUkQn+I8ksetcdRKLs9Ej6XLadTE6X6m5oS6VDpMCtbRwlkB/egARY6KBU
     Gq+JILR5fKla7TDOxjTAToMc9c57DtUusxQ+JNNkuNNxcLBtO4LgH1weuccfjUGl6VDrGkrdzHy0
     lz+6Dn5cgjBx14P0rllKUr2Z9zCnGnpb1Mn/AITBP+e0/wD4DCirn/CFyf8AP5ef99j/AAoqtSuf
     +4ijquh6ToV0tvaX6W88EfnIwbhmHO3NZ0Pia/8AEtxOE+eN12y3EUW5417+g/Wuc0l7a8uJrjUb
     0LJGcJGo3qx9M1o3PjW78GW+qQReXHaakdy3ATaCuOcCuZO8r/CjrbUaSXxzXV/j6jDqqaXaLaun
     nW6IVJZcE88HFeReObaK+db9IJFbkCQLjaQeDmuz1fxeb2ytjEEufJOFKpye+D61y2rQ+IfEyqn2
     CVFZ+FZCoO48ACumM1GN29DyMZS9s+SMbvrbU4y8+IWracnkSy+bIqg7g38wRWhpnjmz1SDMlz9j
     nLbpIiPlJ9Riuyh/Zc1a8ulvNXvI7KOQ5MSgt+BOMDjHrWbrX7Ps+m6s7WNxbyW3mBzbyNhthOQA
     emcdjXbz0NnufD/VM6pN1acHydF5d7bmDaeKWjvZVSZLgbduPu457VT1q8vNTtxDETCsw/hPUdzm
     s3VfC+oeG7m4FxZOkSudkgGRium8P6Klzpsd7bOWuh0hxwQOcA9qbhBJSjsY0a+KrOdKvdO2xteF
     rS9g0uSxs4Y4ZJUCyOy5kT6D3r6G/ZmlsdN8QjS5LWU3UYLjUEfBjO3kOu7kHnoD1rwvRvFC6VqU
     Wo3Vi9vvfDhDuIAHHJr379ntI4rk6veRWGpPc75VZYla4jDYwC+Mr245HNfPcQ1lSy+o09WrK1/0
     ObNKiwuAq+093mVr6p3PqN52lUxFlIIyQD82fXFZ8z2Onyo8915cndSP5+tNsLm3KFsFNwO1Cc4/
     rTrgF4QoCkA7gpI4Ffi2Fw9lzwl8nr/kfiE5XM9YrDVZ54re42kHcUU8r9Kdb6WukykRqr/LlmK8
     +wH6Vbjtjb4nTYrKeiqASfetiyEGqW7MCXdWBKqMc45/Oux4ZQfMrN7GMptLlW5Fa2pa0gw24jOT
     nv8AWtGBiGjaMF1IDMAccdSf0qnKjQusix4+YkqvI44x9aS1vkhLI5VArFcHgsewBrr5I09EVDTc
     daSNJPJADtZpOcj5QuTXOfGfRrjVfBOqW0Xll4bOSUK67ldgMjP64z0Nbr3gh1iTcpAJDAjoMiq/
     ia+Waa7WcbofIIdSSAV2knpz0zXm08R9Xq06q+JSX5ndg6kqFanVjumn9x8H2+nR+J9Jt7X+0riJ
     0jMcsCcDdk9q4rUvh5q5mktZIkuI7dyRIke7ORwT36V22tLdTXl/qVjFb27CaSb9wNi7S7Mcgnk8
     gcY6dK2fDWla9dKboXYtpLkKWnOSQMEFcZxznr14r98jzRtzRaP6MhOGKpufOvNPo2eGSeEJ9Vvn
     k0yFoDFGzOir025z9frWYl/9jR/tG6dk4VS3yKexNe56/wCELO3iOoRXDQ3UA2yJ2Z/U88ggfrXk
     Pj7w9KlvPDHEIr2RvMdv4SOtdlO8ndnjY+Kw8ZKn8v1PM9ZvBd3uA28J3961dBsd8Bl298Z9z0rm
     IkZLlkkGGDYYH1r0v4e61eaRdJNYxRNIDwroCxOMDacZB57d8V1VLxjofHYaftajlI+iPhv4Mvbb
     RLcp5do4VceaG8yQ4yWx2XnHOOprtilxrWpxabdWcTQxFi85dQHXHXbzivNPh942l0RJXu4n3OxM
     qSE7lJ5Gc/hWzceNZNTvortLcjyMneRiM89Mnvz+leJzW+J6s/ZaML0UqUVa2lu50M13FoWlyafF
     aTSy2u+RJI5PlKgcnHGKydC8Q6fLFpcJLxLOxWbGF2kepqlrutavqOlXebHctxEUDBOq9yD/AIVz
     OjzaHPqNhHO95ZM0RE8iBXxIAduB6Hjr0zUx/ibaGlSpKFKzlZ+Tv0PQP7ctf+ejf9/D/jRXEfZm
     /wCgpJ/3yKK6bL+VHB7af/P2X4nl2l+MGtCzOLUWbAHYqkjOPauw8P2OpfEXxZHEJPLhSFna4xmN
     Y1HOB09K88+Ffw+uPHmuPDDcLbQWyh5HcZHJxjH5/lX1n4N8Cp4Jggl0799aZH2ia5ZV8xMj5Bu7
     E44HWprRUm2lqjgyqVaolzTvHoJ4X/Z/0nSdShu7tA87bTG7/Ln1O3GK7vVdCsLZI5neNREMYzgD
     kZPufrV/VY2ZJLiW424G8Ro3pzwe341ha+qTSiVGZoiCQsvzBuMjA6GuKpGMY6LY+8oU3OUXF2T3
     siXXdLgvlwLwxRbhtiXACk/Tv9a5DU7G2uvFMlrctCpLfNK7hASB37d6ltLOOK4hYD7QYyr+VNId
     sh9SMjis99W0nQtUFteoTOdzllbOQR8vPtzXJGXPPV21PVrU3SpOMfedjk/FngpryxkdvLKDeACM
     j8eeRivC/DmoP4O8StaXERUQSE7H5DKe49RXv1z4qQWWo/J58MxZIyBwDwRj9a+ePi0bq1ubKd9s
     coZhv9j0Br0KE+afIj4jPaEMPSWNas47+aej+46u41S11q9lgk3x28m4gw4HPb8K6b4LeOm8K+KI
     La7gvbmGcpGq2EilxzgAqeufqMV4LpOoy3R8tbgrIc4cnAHrXV+H7yTQ9etrdb9LC4W4WOWeQkKg
     yMtuGcfhXTiaHtKThPqmn8z4idejjac4PVSWx+m1jci9tFkSOW7RgCRgEr+QxVqwtpp2DJbT24bB
     /eD5R9Aa4HwF8QJ77w3p01lJHqMPlgNciZWaQDjJOR+o/Kuzh8X6jMiLGIn3DIU4z3461+DSfs5u
     nUTum1otf87H4LUpcs2k9mb6QssD4Ta568HtmoI7k2E6Sm1nRFyHCDKn3wKonxPeQRs01gSRj7hy
     PbpWJq/iyV4t0DSQO77AgGD65zXbKpSSvNu/p/mZuDO1bUre+TcrnyeAzNxtHVgfrxzXPyyx/wBo
     kybjHOgkyDjY3Q89BXEjxXqVlN5hea5GNzMh5YY4G3sOf5/Wtqy1a016RpPK+xzFeID91j+J+U44
     xmvKq1Jbxd/L/L/J/LsChK6fU25riMvbGKROQEJDE9DjqR6GtPXrCHW9EvrTzgs9zZvF5iHnBRlz
     n2rjNPvh9skS4GFQkpGvAHrgV1VrfJKYYsgK0eCQc8An/H615yrX95b9PVHZTTg010Z8H2Ok3dnq
     mo+H9R1OfT7fzngMSwDewVyMsSeASPfjFdZpeqS+A5DpOql50Ks9vNEM+Ynv6Yx+ldT+0P4I+z+L
     rfXbRWVdQgO9c9ZFHUenQZ5ryoa9ZeIdKeS/ui9+BtAwcRpjGBX9AZfi/r+HhXTtdX/zX3n9C4DE
     UZ4OniIRuprVLdPvf7zQ8WwT6vpQ1K3maAPKrInXCr91iO4yTke4rgfFF1Pc/apr3Y8ky+Ws2Nqj
     kfN/9b3rbMd1HpFuYpgLBkGSG5bgZOMcc5rb8J/DPV/ivrKaRpmlSxKYi7SSfLEsfKiTceCMqenc
     Yr24zjTXNLReZ5uKnFU51Kslpf5LsfK2ob73XJ1iQhnkIC9Mmva/gH8E/F/xS1610/RdMlSJhumv
     rlCkNuAcEsT156AcmvvL4Ofsm+CfhdamafTLfXvEEgBkv72FX2EDGEU8L36V7xY21vptv5VuqRDb
     hUjAUA/Qdq+EzLjGnScqWDhzNdXt623a+4/JJ5uqU5Okr+fQ+Fx+yl4j8NQ6xPevKYtOidhLaNva
     6yMxxxxkcsSygsTgHON22t/VvgjrXh74b2zXTXMur6hPDDbaVFEFaB2+YiTG7cQqnoQBnJ6V9iSX
     MdtEV273f5txHcevpisq6u4k2tlSVY/N1YseoH1r5f8A1lxtWS5orztpp+mu/wCnXsw/GWYYXlWj
     SabXe3T5vf7j4AeXX9D1CTRbto5xZs23DA7MDJBxnnsR68VleIRYXrXt1bTW1tfQwGdIADufBAwu
     D15J/A/j90X/AIW8O6bb3Oo3GmWGmxRK0897PEu5Vxlmd25H4nNfBPxG+MNv4h1+8XSNOW105Jnj
     siYEj3cFQ7sBuYnP3ScD8K+3yvMnmU3GEXyx3fT5f1t1P0PL+Ko5pJxoUHFRWsm+vZLXf1OF/tKP
     /oIyf99H/Gisv+ytT/59Jf8AviivoeU+k+vUu53n7OthLBp2q6jOfLtxcIuUfDED74PtggfjX0JL
     4oHii0l0+0i5jw8khICxgfdGccnOMCvlb4ReKFdG0Nr77CXnLu5bG6Igbx9flH517rB4wsfDF/Fa
     RbRZ/wCsCA5Lg/dYnucYoxEuVu+zPQ4dpwrUY21cb/ed9ea1qd4zae7xxrDCgZ4m+Ztw+6CRx1OT
     71gazd3UNjAI75vJTKKJOdpx93PeuUv/ABtJczy3sCsIceWVJGTycH8qwNS8T3d5bRJBCyYcHH3g
     T65/pXk80JKyP0WEXQ0VtP8AI7DTbnVhESrqsc2cyOcHbjnjvUGraLaXdjHd3Mu+TzOJQPXsee1c
     dF4/vrm0trfyX862Zo0dhywIxtx7AZqG6vNTeyMd9dSw2/lM8O4ZBx2xn+dEKUU3ZNmFXGScU21F
     3/A3dYmtNDWGOCYXNvJuZuehyQCPTpXh/wAX9WtdUgd1RoYlZQgxySOprsr9fsFnE91dea0iHCRP
     kqPf0NeSeILHVfGepxxabZ3N6FOwLHGWwe2cDHSvXw1OTmm9Ej844ix8IYOdKKc5T0Ry9lcBpMBy
     Ezgt3x9K6a3e90Ka2uGZWeORZI4mXdlsBuR9MfnXXeFv2btYuCtzql1FZqhDtBD+8kxnvjgfrXun
     hr4J2dhv168aK7nupnmVCcFAx4CqOgAxz7V1169OMklqfF5VlOZVPjjyJ9/8tzi/2c/iUfBvit7n
     WrmHTLXUVfaTbszvlui4IVBuHUjtivr/AETxnbanIZdLVZs8+fLjDdCCDXzzf+AYTqFyPJlkjt22
     F4ju2deh5wM0mh+PtR+HCz2g0xJo5GDCZ3zlfbtmvz7O8oWYN4qjf2nbv/kZ55wrXqNzpNOpZaaa
     /ifVcaXOsWzXVxdhY/mAjjwq8Yzycmsi7mZQ26aMxghgGYMCc4/iPX171514X8YT+K9HF4okSM4U
     s52hTzx6Z4rr9Dhi1FN11biC0QYbzWLySEddoHbrnpXw1LB4t1XSUfe+b/E/MoZbi51HQjTbkulj
     TmubSGeR0jiMi4VWCbfm6Hpj/Jqj9sUSmRrchSdoaORgBx6nPJNWobfSDPLJbosiRjO1hsxnpnGT
     09x+NZusRjUPswsVt0ZiXLvgqjAdgeM9uM9a9J8PYypeVTlS/ry/U+wwnBeaVrKdoer/AMkatjrF
     pe3MEF0n2YqDsumGc+zf41NYa62mXwjlRd0ZwvuM5yPzrlbcmPUHh1KxDxDaiSh8byc5KgcHr0FW
     dWlgd1tLedEaNioikYhw3ccn6eleZisgxVODlyp26r/I58dwpmuDTk6XMlreOunpv+BS+O0f9t+B
     4rkTbXstRB+U8BWVv03Fa+Xby20rTJrO+mUrGy7ZIeg55U+p79fWvqnxV4U1LXfAur27IqxFEdZY
     3yMqQ3H5V8j6p4f1aWe20a9SUXMj7beJhliASoP4npX23CMpQwkqNR2cZPR+if53PpsgxkKWWexq
     O0ot/dp+tz0r4E/Cyb4n6rctLM1v4egYGRsHJYn/AFadiTyfbg+mftyxisfDNpDDp1lFbRrCkSiI
     YyijaMnvj+teT/DhYPAPg3TdMt5Y3mt4MXEp+XfKRyfr2HWu007Vv7RuVSVHWCIDDDnfx0r47OM6
     rZhiJOMrU02ory01fe9vkfn+b46pmFZ62gtl+vzOzsNSVYWbcS5PJz0H48irYnl8syk4UnPzHGfY
     VgJNawsWbzDIcHYuOM9c9qm1C9EkgFs4x0DMxDj8/wAK+feIp0/iZ8x7P3W0aJmny0kgVAerE8AZ
     4AHemQRtLIrxFepDSOo3evT0+lZVvaGcEy3MignkeYD+mK0YltoLds3W2NeWIbnHpXJPG6qMOv8A
     XQwjScmcj8Yb+10zwfMkulXHiGST94kMaB4yw6FlHIAOK+HNT0STxBevNNYRW07zh2UxBYt2TlNq
     gbRzjjpX0H+034tudRnstJ0jUrcac64lFtOpn8zP3XXqo6fWvGLC2v8ATpba0vFjIQ7fPclDjg4P
     r7Gv27hfDTwuBUqm8tev5Pb+rn7Xw1lvscFGbSbnra7vb8l8jG/sPTv+gdB/36f/ABoq7/b+of8A
     QOb/AL+D/GivsPbn2/8AZdP+T8X/AJnynBfPBfJPE+1kPDV614T8b28B36iftgChRC5PK98V5jrn
     hm58N6nPaXaOjIcoWUruXsa9r/Z2+CbeOrxdR1nTrmfTFAMFumYxcnPJLcfIMHOD6CtK8ISjdnyO
     UYzFYWu6VNat6r83fp6npHhfRL/4rX9rD4O090srIkzXt8CsCZIO0t1Lc/d5PT612F18CvEL6m8X
     /CQW73M0qv5EERRYioJ3FepUAEZ45I5r2TS/D8sKWmm2sUem6fboSI7IqUt1A4+XI5yR0BySSTzm
     o4L/AFXSdNvImcXRh3MxjDKzjJbqeuB2/KvLcVa2x+ke2qSd+dX0sr6+t/8AhjwvxF8BbmMX6Wuv
     ytquNyW9xbMid+QwcnkDrg96888T/B/xT4e0OO6uJEvlkj3gW0hZlUjksp5wBnkZHvX1M0l0t1p9
     69kEADOnmDbIrZ+XjPcH+dUtT1Wx1CSFWskhgjPlA20YjkiIOAMcd8jmnBRjfoc1V1VJJO76vT9D
     4e0G3s9Y1A6e9zN5ocgrGpYOucEA9vrXvXhLSIdKtlhgtJbG1KmKMsm3zTj9AefrVO7+GWj+B/Et
     14ivEa3t523vESGQhjzt29AWIBHbI6CrSy2moWRurU24sB92KWTadw5AA+gOPxqKlTkj7rN8spOr
     WTrat6XXT0O/i0C0t9LtrpLsj508zYpdsYyxIHar2oxaatnO0VzF5LpvXnPHoffis7wlfS3ujGRr
     hhb5/dBcLx6jA9f5U/wrptlqWn3V7ciK6m85lIlGVGDxx3JHcVzSfNay3PoJ04U4ycm1yv77/kVP
     BmlTapZ3MyXNxAJgVEEe0ZA/jyQSOK4XxDDAmvzaddTyXdpbRltnAbGQM5HXlhxxW1rvi9PD+pSW
     unuElU5ZMFlBx0xnj9BXHXmhX0azancXHM4K+euMBd6gnv0OPesqbafL2ODEwfPKtJ2Ulppqdh8J
     /DkMesS3QumlhkAjht2foQQSxQ5+YfKOp6k8ivYdW0aXT7COLD7n3FHMpLNxzk5xjp1GBXmOm2MP
     hzw9Zf2cTM0F0tvcXCxl8ZOCxOM5Ygkf7oHau/03xBe+I/Jtre4jkEKsqPb5JmyP4T6e/wDKuyME
     pcrWvoZ4KjSp0niI6Wevd9jrtCs4NGsLeKMCSWRQstwxEhkbGDlu47ccVzfjeAz3GlJawiNEnKSQ
     QRkZyCdxIxtAxjsOaxRr2qeH7Yi1tDPZwzCFrdgd8ZJwAp9c9q04RPd3cBuLmSKeeMsQxwVkH8OD
     jABz/k1pJRl+66nrxnBR+sQ1/Pbr2sv+AVdf1VHsbTUZip+y8rgDHy55Ax1GMZHNUJL601HxMH+x
     oZZ4FnluRvRmHoeeeTycZ4rOtNAOsy6sh1C4j/es6xCQeWXwN2F9+c4PerFl4isp9HuB5xh1G1cR
     lShDI2Mna3OQCDwTyB71wyXM+3X1sbKCppJ3l066KW1+5vqLzRpriR7mX7C0gaKGDlVDZ67v4c44
     96wtVeG+16Ka605JL2EA2t2V2GQA8rjPUHnH+NWbW81TXdMsppVtYITGYnlTeM9Ruxg89Dx3rkPi
     9aXGieGtQvkuprm6sQtyu848zkKWBx6HPuAOleZXwcMTNyppqctL7b9/I+A4nyLDvDTrwtGtG706
     pb3OwsNTiE6yT3IaQLn7Ox5Zv8/yr0Gz8UMyLEytbKFUBOm/gY578fzr5C8EfFO01KaD7SVS8V8u
     JGw5Of4T3r2/wn4ytbxRDh4piVC72wDjjgivhMdlVXDNxcbM/nirTcX72h6o93CkBaOdvNLAeWCQ
     CpHaprS8SUgyAoBgZ3Mc9/WsayuI9m24j8or8wZmI3DnPIz6D8q07m9WW2YR7HTHLbshlA9OOea+
     Znh7y95nnzgn1NWPVrONlEjO56bVFUfEvxN8O2eiPb6dcQX1+zYa2RozJGR32nkkY7An6Yr5m/aN
     1+8s2tp7S9ne0ZF8sxuYzHJ3Bx7Akfj6V8/Xt1reveLHhivbvU9SQkNLNISyAcklieFHPPFfc5Xw
     nRqqli607r4rW/B/0j7LK8mpVYwqzne/Sx1eqeKNR0vxfLdCU3cjzs6iQbt2T0IP1rvNJn1nx9HP
     PbWnm3VqyedEcjC88L19D/k1W+GXw+s7i2S/1yA3NxuxG0oLKCegA6Me+cHHA6mvdNA8J7rqEwWw
     tLIEiaNm8t5crhcoFwOT3OfpX6NUk4wkqbP2/BUvazTcNUt/kcp/wjer/wDQAX/wMi/+Kor1f/hA
     r/8A6A1z/wCBkX+FFZfWF/z6f/gP/AN/qNL/AJ+fl/mfFLeELv4havb6NFbi7njZbhmDAeXFvw43
     HoMfqa+sPDuswabBBFZWvlm2VLXZboCI1HCBQOcHnH5V4r8DLFdX1rUtWUMiSOqKVOMAZJB9R93P
     0+leoy6lHYaTNYxCa9ugolkntIwJGYEFmwDwF5/KtZSqcqs9EPD4ehOvOpGGsrJ/j/X3GzJ4u1C4
     0W/1iyjlSxaTylwCXkwynOOMKNrA896V/EF94h0eH7JAwub8FTul4iHzjeRjOMKe3UgCobsX3h7S
     LTRpNMF3cSwJHGkUgIhcgA8dDjnnJqOwtLfTy0CtObsbY2IGyLCjjkDjJJ5JPJq0puyv6nqpU23K
     MFp8PXTzsdPcG8eQMTHcuIkXMcrKN/Q9V447fX2FYUfh17cX13cm2vbm4VVnK7gFHzY+bIz6ZwMe
     vSotDt9V1SKAQWVzaRG4Msl/PGWT5d3yheN3TOQfX8bF5b6hDHlrm1KDemULfMCeN2cbSCeoBGRU
     ynfVJs5nhvZ3gpJN7nDeIrK01u3t7b7PNJZXMTibeWdY2BGw7h6/njvzXmui6h/wj+uT+HbsiOMS
     go6nIdT0Pocg17ppWgR2UUt+skJsIjiTZwYlww+ZMYwM9McnivnH4y+TbeIrK7gmEibTC5VSgG0k
     qRn2OP8AgNbShdJtHnQqfV6zg3Zfqd34fs5LvxAukrdtHbu2EETcM3Ur7du/eul8Xx2ejaK6wFrR
     4Rs3xOQzfXn3ryDT/E81hDDf21wrmRlCc5KMuOQOo9M9OtaGp+ItQ120kSdont2kWR5Aep25AH1G
     fyrglFU+ZNa9D6ani5Ylwlz6df8AgnS2Vro0Phk6hFqSXWpSvm4hkYb1XGenU+9cTLqsmoaxa6fZ
     uBDNcLH5T5MZLYU7h7ipPE3iOyhLWttbqY1QDfIgRgfb0rntN1mKxjtb1WZL/wC0hgzx7kjQEEHr
     ySc8eg96hQ2ic9WatKo23fa/9dD6L8KeHLKw8XTXqy3CRKEmiikkBVZju5GOwHTP9K0p9Qn8I+It
     MuLGwinSPiMRbiZCxLbSMn14AA44rz7RPF1x4gu9mmObpGUrGscg/dNliAxzxjLD9an0jxGbLXIT
     c+asEciyNAxwSwyN3I6jJx9aupPksob9z0cJSVWi27OPLt3Oy0nWbzxR4mS3vJIlt5bv7RNaJJtc
     v0Uc88Z7+ldH4q8JWosJL2ydIbuG4MUhWXCkcDP8/wAq43VPENnq92v2GztdLkeaFbSYy4KMoIcM
     BndvB56DOOlbo0vTJL5HvdWmljePzGijjKxqTnKEfxfiT9Kxc3JuLd332t956lKEYU1OKcUt1a9/
     u08vkZ+iXOreH0lmFnFPagNLJK8ILEHIByCSDgDHNWdAht7vT7m/klhmuFxJHbqofBYB8n1IG1ff
     bjtVC48ValdxahYQpJcxSMFUwR4ZlC4Cn1wPbrWFbaVqC2NzLL9njWJFeWOG4AZVJO3gdwc8dsHp
     UU5Qi0o+9v8AeTi8O5xlKVoSbXzR1+meIJn0m+t5LB/Kjbcl3DkgAgEA+mOK8r+Ib6z4g8Jaklrc
     iWKW3ZUgfklRgsAc/wC8QPpXpekah5fhlrf7QgRi2+QYBbPU+3evMfE/iRtB0uO3uEMBjWVLaPH3
     ydxCqPQFh17V1Uk5Si0eDmrisNVjKy3v926v38j5pFk4s1likYS7sKCcEfSvSPCPxbvdDeyg1ItN
     aK3zPn94gA/UdfeuD1XSPsTwZYbtx3IOoOe/51X1dNsCIsb+eOWypBHpxXs1aNHFQ9nXV0fgmMwc
     Ku6uffnw+8d6Zruk2j2s8V2jRBh8wO4dT9CCfT1FdJNp1tduJIJxHaMcB924I3+0p6V+c2g+JtZ8
     Dajb6npk0sEsTqx3Djgg7WHocAYNfSHhf9pceKrWWwWOXRtbuIQkVzw8bSHGWPTHPr2NfnmY8N1Y
     Pnw75o/iv68j4yvldTnSpXaZ1nxh8NWHiuKLS7ti7QSBhJaPtMhxlQ6jqOuCMd+axPDngu08P7tZ
     ggtLLEAMYm3+bI2Tzs5zntn161hWOtG4u7m8kdvNW5hiA4zIXBDMw6E8BRnj5jjmvYPswm0q3uL7
     czKjSOIsHccHau7npx0H419Jl2Eng6CpOV7H65kWTywNOKrPmu/u8kRTi3sEbU3tZLq+twSkokYK
     rgZbgHBx8349+MV6hpGoWF9pEBe58tWwQ455Hf3rzDw3obJ4ctWmlW6ypJEgyF3DkAZ+o5znPvUV
     3rr6br9xpxtpPLhiiECQKSI12DIx29T06mutuyTezP03B09JUqe6e/ktP6+Z795Vr/z+/rRXgv8A
     wm0n/PK4/wC+G/xorT2tPt+Zt9Qr9/wPEvg7qs2jXclzHd4tDJ5c0Kr8yKdu5wO/8IxXpeh67cTa
     JeBtjX1lMNr7cGdZAVz1GCf/AGYV88eAtcuPDPjSG1kZJ1vW2xvuKplgVBOQOM9cjgr7V6+bt/E2
     sXP2+xNjHaiPeLd+ZSB93OO2B+YrRwfXZnyuGxUZJwWlt35ennc9Xn8RLe6rbJBNcDULBWmlR7c4
     AZGUhmP3TyD+fpWdBrF94m1OWzs44oVjIWWaRwVkGc4HOecdq888M+Mk0GXUfsMwntom81BIuMj+
     NX6ZxwRz61N/wljapaTy2Vx9lvpAWCxJuyo/iIzhcZNQ3Ll95/JHsUJKM7QWltG+nqj22Dxglisl
     vHqMcW1AN2QcMvTj9KxrfUNU1S3MotoHBDT7SRuIIyVC9c8cCvnfU9eudEhmvLgvPctIYxLG3yq3
     8Wcj0JGB61t+BPihLDHqsM6SNJfyLJHKCAInHcHr/wDqFY+253yTuj0p4SOHpv2FpPrf8bansVhp
     lxNbX8thcP58sb3UqKdysvQqBnuT788gV4n+1ZYadpVhoNxprqVuJmmJaQA7GjQ5xx3B59T7V2vh
     Txm+h6rdwrcAud6MgYYJ8wsFByeAO4HpXyz8db5x40W2aZ5BAhXDyFurEgn0JGOnpXqYde1VrH5x
     n9SeFk63N1VvmQ23iCe0kV4XckKeYzxyK3YviNd3NubV2GG2gEKM8dP8+59a8306S4vbiK1hUvKx
     2ryB+ZPA+tfQXhf9lnWb+1srm/1aC2kmG5rS1gM8yj8Sqg47sRg9enJOlGOjPOwmYVq7tCN2u3Q5
     KS/N7Yy3E0ywAFV2uxYsSOxxj86xrK4t/tixXExSzBJaYKWx9K99PwI0rWNWttKvI9QWSDDfZbSR
     fnY4LEqEJcnud64HTA6bV9+yXpF3qUsU2t3trGkQQxSBEWNuyiIkEDvnfjJxzzXLGCb1X9dj6Odb
     GSSTi9vI8D8BePItF1trMb1trqQbJVBLLIAQuR6HOD+HpXsfh3xPFO15LeFL4zj5H3ByMYYEN6EB
     l4/vZryf4u/A/Wvg7Gbq1v01SzljKSSxRASRoTgtwWAU4Kllbvg4DDPLeB/iIRdx2l7hFEYhim4C
     qAPlXAHfnn16+tOrh3OF4dBZfnX1TELDYv3VLZvo7/kz6N07+zTOLmSNkEbhyI3+ZGxw4JB4z+PB
     rcutZt5LaGUXBkLsIZFAK7R/ex0Ixnv1rzm28TQvc/bVFtbCZFjbykIRzkAnA4BxuPYcHHvv2L21
     jK1xdyWlzCpjKlMqkbEBuQCCepGTxwenFeK6TSasfqdHGwk0+bRdOn3np58USQx3Iigto7WUCIM8
     Xzsf72R3PU4rjmldXuRMjl2laJPNjI3DPRSevJ6D1qjf6tCJ7CJrUiRG2vHLykpHt6dP09as654i
     nn0E2EMTJIu7bDCNuG29VHr0Jx6VSjJ69ip1YJJL7W/yIvsWpaZbi8exkisbaYRs5BDbgF+8p989
     RXlPxb8XxeJry3igmie4gZ3kkVt2CTgDPr9447cV3N947W9txa3D+dK6byqS5aQjjJGeTWJoPwni
     ubdLz51uppixZyGLnBLHHQAdunUZrvpLkj7p8dmsvrU1Tna36LocZo2gma2t2RVfzzwUG4s3oeOv
     NdGvhe6uJpZktBZLCDkxKNp5A78nk4yT7dq9AHhPT9FitreCXZJAkvmF8IqAgBcHqcnjIPO4dqoa
     daXOmmazS6aNZ3WO4gikyGQHJJHQ425B7YFKd7O+pzUcDS5bwR5Fr/gVEL3QtRvK5LxgEcMASQPq
     Ppwe4rF8JQrb6/Axn2qnOQPmUbh+te5R6RLqtsI4zEskq+S08jrGrf7R5+UD364ryTxtaRaVfyy2
     UjKithz0SQZ6gflz3rrhKcVZu585jMBSVVVYK1ndnq9vf2cViptiImW5iZmxukmb5iGbA5xj6ZNd
     xoMOs3GnxrcO8Ftuy0UChpSQNu3J6Z9PevN/h9q9lL4edLicRSOsU3mA5O7djGeoUKzV3Ph/xbdL
     ps0EBX942+OYtgghi3U4yDgZ7/1zm7ayeh9Pg03TXs1dprf9DV8Pw67d6bLFFciGweQRswUbsg7Q
     oyRj8PaodT1SLwhcSWd0ovr53SX7ZyCwIyUOfTuR6fnmabrmrDQLe3WOSOIP5mRGSGYd8jr+PFdH
     plxp+q3cF7qtyk00rRxMijlVCjJIHoAB7nNcjSaiovX8D6NpxlL2kfd123Zof8LT8N/9AW5/7/0V
     2f8AY3w7/wCfo/8AfgUV08lXujx/a4X/AJ91PxPEtUgsdWsdXnudLspmtjGyM8C+YpfJ+VwNwwV6
     g965ubQ7vwzfS3H2tZhd6cbu3JBz8kyoVk9fvDBHvRRTm3ovNHzmOpwpJygrO/6HArrL339rTrF5
     MEMZmkgWUlZW9D04rDutcaXRke1aW3YttaPd8oAOeCOccjj2oooqJI68LVnKOrHWWqyypDb3DyT2
     0n71oi5wWwef1ro9M1PT9Is4GayaS5kyc7sovoRnngZ4z3/MoqIRXMd9arP2K16ljWtdfUbPU9bS
     GO1EU8aFIhyCVfG30HFfP3ijU7jX9fu9QupDJNPKSSfrxRRXuYZLVn5VxJOT5IN6L/JH1F+z/wCB
     LPwqLhLu1t768u7VZjMSThTj5Qccc/1znivdNFs5PDVla621vA+jXsiRQWHmGRoyWxubcuCOOF6D
     Joorzasm5ts+3yqjThShTirJpafI6zTkbxMU1+B1tSiyWi7o8uQp+7wQAoIHqT7YrM8K6/GILq8v
     LWOS73mAtEowwU4BO7dzz2x6c9aKK41J3T73PqMJCMoVItaKyXpqUfENjZRXuoy3trDeaXMH8yyl
     j3r5gADYBOAGyuT7ZxxXxN8YvhtpfhjxUw0TzbbT7oxzRW0z7zEGAIAbrxu75+vHJRXThJy9o430
     Pj+KMPSnh41ZR95NK5B/wlMlvMHuIVLE5DxcdeuVPH5YrtLXxPcXBurSI+WIuOOmD0oorapTjfY5
     MBi69lDndiKLx4La5nsGE8tzF8m5uVboDk5z2Haqq/FE2eoXOkQ2zO0DvEHkb5S4yGY4OevQegFF
     FSqUNNOhrLMMV7SK593bobcOgW87W+pvPM87pHcyAAJgeYy7VOT6D8/bn123vrm3udCEMdtIxyDB
     IhEa7z8pyDljhQTnHPHvRRWVT3ZOx9Bgkqqi567/AKnQanoYklR7m+MhMiq0CWiLGo2bmKndnP7t
     QOmMsfSsVoLzSrKe8067aF0hHnmQ7zMrcgHINFFDirOXU9em3pDpocNb3cepWzOiNCFk3IM5xkjA
     +nb6CuR8eaL5kt7FvHlxqRsPQEDII/AEfjRRV7q7OKtFRvFbanmuleMJvDF/daZIDd2qOyMDwVOe
     dp9PavojS/FElr4XEFtGoW6jE0byIpaNGHQAg4YDjNFFVWSUVJb2PmchrVKlSVKbvFPT7zrtD1C2
     s7Wym+ygyQlWeRsM0jFsDr0A5rMt4pluZNRJRraedwsRzncDyT27j9elFFediG4xjY/Q8D785KWt
     /wDM6z/hGp/+e0P/AH6FFFFRY9HTt+B//9k=
     

2. Visiter la page générée et vérifier que tout fonctionne comme attendu.
3. Modifier le PHP pour que le serveur envoie le contenu avec la politique de sécurité default-src 'none'. Constater tout ce qui ne fonctionne plus. Observer les messages dans la console.
4. Modifier la politique de sécurité en mettant 'self' à la place de 'none'. Qu'est-ce qui marche toujours ? Qu'est-ce qui ne marche plus ?
5. Modifier la politique de sécurité pour autoriser aussi les accès distants à ensweb (script distant, CSS distant, image distante).
6. Mettre en place le reporting : créer un script PHP pour récupérer les rapports et les écrire par exemple dans un fichie de log (attention, ils ne sont pas dans le tableau $_POST (car ils ne sont pas formatés comme les soumissions de formulaires HTML) : il faut lire le flux php://input avec file_get_contents pour accéder au corps de la requête), et ajouter la directive report-uri à la politique de sécurité pour que les violations de politique soit reportés au script que vous avez créé.
7. Essayer de faire des politiques plus précises, en autorisant le CSS distant mais pas le JS et les images, par exemple.

Exercice 2 — Un service web qui utilise un service web #

Le service web Geonames ne comporte pas de service permettant de récupérer directement le lieu « parent » d'un lieu donné : il faut récupérer toute la hiérarchie. Cet exercice a pour objectif d'implémenter (côté serveur) un tel service parent, en s'assurant que le service est utilisable en Ajax depuis n'importe quelle origine.

Le client pourra passer un geonameId en GET, et récupérer l'unique parent du lieu correspondant, avec le choix du format (XML ou JSON).

Vous pouvez utiliser le proxy local de Geonames, dont voici la documentation.