content security policy

For my forum and the nodebb app of Yunohost, I've made a header nginx conf with like that :

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; 
add_header 'Referrer-Policy' 'same-origin';
add_header Content-Security-Policy " default-src 'none'; connect-src 'self' https://bootswatch.com/ wss://forum.domain.tld https://api.github.com/; font-src https://forum.domain.tld/fonts/ https://maxcdn.bootstrapcdn.com/bootswatch/latest/fonts/ chrome-extension://* https://forum.domain.tld/assets/vendor/fontawesome/fonts/ https://fonts.gstatic.com/s/opensans/v15/ https://fonts.gstatic.com/s/roboto/v18/ https://fonts.gstatic.com/ https://forum.domain.tld/; img-src 'self' https://bootswatch.com/; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self'";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";

For information, I use the github-sso plugin : so the connect-src https://api.github.com is needed.

This conf is approved by mozilla observatory with a B+ (just unsafe-inline in style-src which is annoying.

I hope this can be a base for the future official CSP conf or at least help the dev a bit.

frju365

PS: ofc: change forum.domain.tld with your forum url.

Hello,
I've created a forum to replace an old phpbb forum. Many of the old users want me to import old posts/thread to the new one. So, I want suggestions how I can do that. Perhaps manually if it's a good solution.

Thanks in advance for your help,
frju365

PS for other users : What I did is :
1° / Go in you admin panel, in Gestion > Users, and write/see the UID of the user(s) you want to set the reputation to 0

2° / Go in a terminal, and write :

# mongod
> use <yourdatabase>
> db.objects.update({_key: "user:<uid>"}, {$set: {"reputation": 0}});
> db.objects.update({_key: "users:reputation", value: "<uid>"}, {$set: {"score": 0}});

That's it !

thank you very much ! it works !

Hello,
I wanted to know if it's possible to set the reputation of an user to 0 after a bug. Indeed the first user (me) of this forum has -34400 as reputation, whereas there was no other users. That's the same for other users. Another has -2398.

Thanks in advance for your help,
frju365

Good, I found it !
Thanks you very much !

(it was in Settings -> Uploads)

In Settings -> Post, I don't have this option... it's weird. In fact I've nothing related to upload. Thanks anyway. Perhaps there is a config file I can change in my folder ?

---

edit:
In the content summary of Settings -> Post, I have :

Post Sorting
Posting Restrictions
Timestamp
Teaser
Unread Settings
Recent Settings
Signature Settings
Composer Settings
IP Tracking

Hello,
First, thanks for your work. It's an extraordinary work you do, so keep doing that

But, I've a little problem :
Users upload images, but only connected users can see these images. Guests can't see these images. It's quite strange. And when I click on "open the image on a new tab" where there is normally the image, I get an error on a blank page : "not-allowed".
It's really strange... I was thinking of a permission error. Can you help me pls ? I already tried chmod 775, 755 and 777 on upload folder and it didn't work.

---

Software version : v1.7.0
Type : Selfhosting.
Server software : Nginx.
Service Managing software : systemd

Thank you very much for your answer. I will see if it works.

Hello,

I've just one question : How can I create an admin account manually ?
I'm packaging NodeBB for Yunohost, so I'm creating a script to install this. I've a problem because I set up the Databases in the config.json file but I don't know how to fill in it to create my admin account.

It's the only thing I need to finish my install script.

Can you help me please ?

Thanks,
frju365

PS: My work : https://github.com/YunoHost-Apps/nodebb_ynh
The install script : https://github.com/YunoHost-Apps/nodebb_ynh/blob/master/scripts/install