Alternative to Wordpress, Bludit?

b/Tech, Science & IT posted by u/gameblabla May 01, 2017, 07:30:41 PM
I'm looking for something like Wordpress or Bludit that plays nice with restrictive Content Security Policy rules.
That is:

  • No unsafe-inlining
  • No eval
  • No links to other websites (other than my own)

Unfortunately, no alternatives I found (except maybe Jekyll) play nice with restrictive CSP rules.
I was using a patched-out Nibbleblog for CSP, except that one day it broke X_X.
Plus, it was still not playing very nice before it broke.

I thought Bludit would fare better, but it grew much more complex than its older brother Nibbleblog and as a result
I can't easily patch it for unsafe-inlining.
And I had to patch uikit because it was using eval x_x

Ghost also didn't play very nice with CSP, but I wonder if that has changed... I should try it again.
As for Wordpress.... LOL, let's not even talk about it again, it's the worst example as far as CSP goes.

I had considered Jekyll, but I was never able to install it properly with Gem. And there's no PPA or Debian repo for a more recent version...

What alternative do I have?
u/Yuki May 01, 2017, 07:52:08 PM
Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.
u/gameblabla May 01, 2017, 10:18:39 PM
Quote from: Juju on May 01, 2017, 07:52:08 PM
Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.
Those are just a bunch of frameworks; you would still need to do the dirty job.
That is not quite what I'm looking for... I don't want to reinvent the wheel again :sigh:

CSP, or Content Security Policy, is a standard designed to counter injection attacks, cross-site scripting, etc.
One of the reasons I want to fully implement it is that Mozilla's Observatory gives you a better score based on your CSP settings.
Anyway, here's how it is implemented (via .htaccess) on mah website:
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set Content-Security-Policy "default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; img-src 'self'; style-src 'self';"
Header always set X-Xss-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer"
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" env=HTTPS
</IfModule>

Header unset ETag
FileETag None

RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [L,R=301]


However, you can notice that I had to enable unsafe-inlining because otherwise this would break the text editor & image uploader in Bludit.
I will take another look at Jekyll however (this time from the repository); I'll tell you if it fits my bill.
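The three requirements from the opening post (no 'unsafe-inline', no eval, nothing loaded from other sites) can be checked mechanically before a policy goes into .htaccess. The following is an added example, not code from the thread or from any of the CMSs discussed: a small Python lint that parses a Content-Security-Policy value and reports every source that breaks one of those rules. POSTED_CSP is the header value quoted above; HARDENED_CSP, the hostname blog.example.invalid and the other test policies are constructed for the example.

```python
"""Added example: lint a Content-Security-Policy header value against the
three requirements from the opening post (no 'unsafe-inline', no eval,
no sources outside your own site). Not the forum's or any CMS's code.
"""
from typing import Dict, List, Tuple

# Value quoted from the .htaccess in the thread (script-src still has 'unsafe-inline').
POSTED_CSP = ("default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; "
              "script-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; "
              "img-src 'self'; style-src 'self';")

# Constructed: the same policy once the editor no longer needs inline scripts.
HARDENED_CSP = POSTED_CSP.replace(" 'unsafe-inline'", "")

# Directives whose source lists decide what the browser may load or execute.
FETCH_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "connect-src", "font-src",
    "object-src", "media-src", "frame-src", "child-src", "worker-src", "manifest-src",
}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a header value into {directive: [source expressions]}.
    Per the CSP spec a directive repeated later in the same policy is ignored,
    so the first occurrence wins here as well."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def lint_csp(header: str, own_hosts: Tuple[str, ...] = ()) -> List[str]:
    """Return a list of findings; an empty list means the policy satisfies the
    three requirements. own_hosts names the hostnames you consider your own;
    'self' is always accepted without listing anything."""
    policy = parse_csp(header)
    findings: List[str] = []
    if "default-src" not in policy:
        findings.append("default-src missing: any fetch directive you forgot is unrestricted")
    for directive, sources in policy.items():
        if directive not in FETCH_DIRECTIVES:
            continue
        if "'none'" in sources and len(sources) > 1:
            findings.append(f"{directive}: 'none' mixed with other sources is contradictory")
        for src in sources:
            low = src.lower()
            if low == "'unsafe-inline'":
                findings.append(f"{directive}: 'unsafe-inline' lets injected inline code run")
            elif low == "'unsafe-eval'":
                findings.append(f"{directive}: 'unsafe-eval' allows eval()/new Function()")
            elif low.startswith("'"):
                continue  # 'self', 'none', nonces and hashes are fine
            elif low == "*" or low.endswith(":"):
                # A bare wildcard or a scheme source (https:, data:) matches any origin.
                findings.append(f"{directive}: '{src}' allows any origin (wildcard or scheme source)")
            else:
                # Host source: strip scheme, path and port, then compare with own hosts.
                host = low.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
                if host not in own_hosts:
                    findings.append(f"{directive}: external origin {src}")
    return findings


if __name__ == "__main__":
    for name, value in (("posted", POSTED_CSP), ("hardened", HARDENED_CSP)):
        print(name, lint_csp(value, own_hosts=("blog.example.invalid",)) or "OK")
```

Run against the quoted policy the lint reports exactly one problem, the 'unsafe-inline' on script-src that the editor needs; the hardened variant passes clean. Feeding it a typical CDN-style policy (no default-src, 'unsafe-eval', a third-party script host, img-src *) shows the other checks firing, which is the sort of review worth doing on whatever header a CMS template ends up requiring.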
u/gameblabla May 02, 2017, 08:24:25 AM
Okay, so I installed Jekyll from the repository and it's actually pretty cool!
It's completely static and as a result it's pretty fast, the markup language isn't too complex and my posts, believe it or not,
look nicer and less glitchy than they did with Bludit/Nibbleblog.
Since it's static, it also does not suffer from MySQL injection attacks.

Take a look here :
https://blog.gameblabla.nl/

And guess who's the best at Mozilla's Observatory? :D
https://observatory.mozilla.org/analyze.html?host=blog.gameblabla.nl

Straight A's my dear comrades !
Codewalr.us in comparison gets an F lol

@Streetwalrus, look at dis
https://observatory.mozilla.org/analyze.html?host=codewalr.us
u/novenary May 02, 2017, 10:32:00 AM
Thanks for that, I'll take a look.