Content-Security-Policy values
#1
In Setting up HTTPS, the suggested value for MyBB Content-Security-Policy is:

upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; base-uri 'self'

But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking MyBB?
#2
Not right now, due to numerous inline scripts and styles: https://community.mybb.com/thread-224083...pid1333851
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
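
An added example, not part of the original posts and not MyBB code: a Python inventory of the inline scripts and styles the reply refers to, which are the constructs that stop loading once 'unsafe-inline' is removed from default-src. The sample markup, the forum.example URL and the function names are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser

# Constructed sample markup (not taken from MyBB) showing the patterns
# that only load when the policy carries 'unsafe-inline'.
SAMPLE = """<html><head>
<script src="https://forum.example/jscripts/general.js"></script>
<script>var lang = {loading: "Loading"};</script>
<style>.thead { color: #fff; }</style>
</head><body>
<a href="javascript:void(0)" onclick="toggle('cat_1')">collapse</a>
<div style="display: none" id="cat_1"></div>
<script type="application/ld+json">{"@type": "WebSite"}</script>
</body></html>"""

# <script> types that are data blocks; they are never executed,
# so the policy does not block them.
DATA_TYPES = {"application/json", "application/ld+json"}


class InlineInventory(HTMLParser):
    """Counts constructs a policy without 'unsafe-inline' would block."""

    def __init__(self):
        super().__init__()
        self.found = Counter()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "script" and "src" not in a:
            if a.get("type", "").strip().lower() not in DATA_TYPES:
                self.found["inline_script"] += 1
        elif tag == "style":
            self.found["inline_style_block"] += 1
        if "style" in a:
            self.found["style_attribute"] += 1
        for name, value in a.items():
            if name.startswith("on"):  # onclick, onload, ...
                self.found["event_handler"] += 1
            elif name in ("href", "src", "action") and \
                    value.strip().lower().startswith("javascript:"):
                self.found["javascript_url"] += 1


def inline_inventory(markup):
    """Return {category: count} for one rendered page or template."""
    parser = InlineInventory()
    parser.feed(markup)
    return dict(parser.found)
```

Running `inline_inventory()` over each rendered page gives a per-category count of what would have to move to external files, nonces or hashes before the directive can be tightened. It does not cover 'unsafe-eval', which depends on what the JavaScript itself does.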