MyBB Community Forums
Content-Security-Policy values - Printable Version


Content-Security-Policy values - Ekynox360 - 2020-12-10

In Setting up HTTPS, the suggested value for MyBB Content-Security-Policy is:

upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; base-uri 'self'

But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking MyBB?


RE: Content-Security-Policy values - Devilshakerz - 2020-12-10

Not right now, due to numerous inline scripts and styles: https://community.mybb.com/thread-224083-post-1333851.html#pid1333851
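
Added example, not part of the thread and not MyBB's or any scanner's code: a small checker that reproduces the kind of finding quoted above by resolving `script-src` and `style-src` through their `default-src` fallback. The names `parseCsp`, `auditCsp` and `RISKY` are made up for this sketch; the only real policy in it is the one quoted in the first post.

```javascript
// Policy quoted in the thread (MyBB's suggested value).
const PAGE_POLICY =
  "upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; " +
  "frame-ancestors 'none'; base-uri 'self'";

// Keywords flagged per directive (a choice made for this sketch).
// Both directives fall back to default-src when they are absent.
const RISKY = {
  "script-src": ["'unsafe-inline'", "'unsafe-eval'"],
  "style-src": ["'unsafe-inline'"],
};

// Split a header value into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return one finding per risky keyword that is actually in effect.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const [name, keywords] of Object.entries(RISKY)) {
    const via = directives.has(name) ? name : "default-src";
    const sources = directives.get(via);
    if (sources === undefined) {
      findings.push({ directive: name, via: null, issue: "no restriction" });
      continue;
    }
    const lower = sources.map((s) => s.toLowerCase());
    // With a nonce or hash source present, browsers ignore 'unsafe-inline'.
    const pinned = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    for (const kw of keywords) {
      if (!lower.includes(kw)) continue;
      if (kw === "'unsafe-inline'" && pinned) continue;
      findings.push({ directive: name, via, issue: kw });
    }
  }
  return findings;
}

console.log(auditCsp(PAGE_POLICY));
```

The `via` field shows whether a keyword is inherited from `default-src` or set on the directive itself, which is the distinction the scanner message is making.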