MyBB Community Forums
Security: Content Security Policy - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Development (https://community.mybb.com/forum-161.html)
+--- Forum: Suggestions and Feedback (https://community.mybb.com/forum-199.html)
+--- Thread: Security: Content Security Policy (/thread-225060.html)



Security: Content Security Policy - Azah - 2019-10-21

You might want to set a content security policy header for privileged areas (ucp, mcp, acp) and the login / registration pages. Ideally, you would do it globally tbh, it should help to kill off any unwanted scripts that might be running for whatever reason, whether it's a XSS flaw or something else.