Inc Config Private Hosts setting
#6
Thanks again - I appreciate the info you all provide about MyBB here.

Do you happen to know anything about the other MyBB security recommendations - specifically the HTTPS and Header set Content-Security-Protocol (CSP) directives? 

To function with a CSP header, MyBB requires allowing default-src 'unsafe-inline' 'unsafe-eval' directives (to allow inline scripts), but apparently that basically defeats the purpose of having CSP? Just wondering if there is a roadmap to getting MyBB to comply with default-src 'self' which would be considered safer? Or, is this not really an issue?

I already asked this in another post, but got no response... Thanks again.
Reply


Messages In This Thread
Inc Config Private Hosts setting - by gimbal - 2019-07-31, 05:09 PM
RE: Inc Config Private Hosts setting - by gimbal - 2019-07-31, 05:55 PM
RE: Inc Config Private Hosts setting - by gimbal - 2019-07-31, 06:52 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)