2020-12-10, 05:04 PM
In Setting up HTTPS, the Suggested value for MyBB Content-Security-Policy is :
But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking myBB?
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; base-uri 'self'
But online HTTP header scanners say "This policy contains 'unsafe-inline' which is dangerous in the default-src directive. This policy contains 'unsafe-eval' which is dangerous in the default-src directive." Is it possible to correct this without breaking myBB?