Content-Security-Policy values
#1
In Setting up HTTPS, the Suggested value for MyBB Content-Security-Policy is :

upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; base-uri 'self'

But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking myBB?
Reply


Messages In This Thread
Content-Security-Policy values - by Ekynox360 - 2020-12-10, 05:04 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)