MyBB Community Forums

In Setting up HTTPS, the Suggested value for MyBB Content-Security-Policy is :

upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; base-uri 'self'

But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking myBB?

Not right now, due to numerous inline scripts and styles: https://community.mybb.com/thread-224083...pid1333851