Banshee
the secure PHP framework

Forum

Security Headers on Banshee v5.0

samiux
15 april 2017, 18:09
Banshee version : 5.0
PHP version : 7.x
Hiawatha version : 10.5

When using Security Headers "Content-Security-Policy", Banshee v5.0 requires to use "unsafe-eval" and "unsafe-inline" for "script-src". Otherwise, some links in the control panel of Banshee v5.0 do not work.

Any idea?
Hugo Leisink
21 april 2017, 13:33
Yes, Banshee requires 'unsafe-inline' and 'unsafe-eval'. But although it's called 'unsafe', Banshee is not. Not every usage of inline links and scripts is unsafe, so I don't agree with calling those settings 'unsafe-*'. It gives a false idea about what's going on.
Message preview

The following BB-codes are available in a message:

  • [b]Bold text[/b]
  • [center]Center text or imagen[/center]
  • [color=color name or #RGB code]Colored text[/color]
  • [i]Italic text[/i]
  • [img]Link to image[/img]
  • [right]Align text or image right[/right]
  • [s]Strike-through text[/s]
  • [size=pixelsize]Big or small text[/size]
  • [u]Underlined text[/u]
  • [url]Link to website[/url]
  • [url=link to website]Link text[/url]
Back
Built upon the Banshee PHP framework v6.3CMS