CodeWalrus

General => Tech, Science, IT discussion & News => Topic started by: gameblabla on May 01, 2017, 07:30:41 PM

Title: Alternative to Wordpress, Bludit ?
Post by: gameblabla on May 01, 2017, 07:30:41 PM
I'm looking for something like Wordpress or Bludit that plays nice with restrictive Content Security Policy rules.
That is:

Unfortunately, no alternatives I found (except maybe Jekyll) play nice with restrictive CSP rules.
I was using a patched-up Nibbleblog for CSP, except that one day it broke X_X.
Plus, it was still not playing very nice before it broke.

I thought Bludit would fare better, but it grew much more complex than its older brother Nibbleblog and as a result
I can't easily patch it for unsafe-inlining.
And I had to patch uikit because it was using eval x_x

Ghost also didn't play very nice with CSP, but I wonder if that has changed... I should try it again.
As for Wordpress.... LOL, let's not even talk about it again, it's the worst example as far as CSP goes.

I had considered Jekyll, but I was never able to install it properly with Gem. And there's no PPA or Debian repo for a more recent version...

What alternative do I have?
Title: Re: Alternative to Wordpress, Bludit ?
Post by: Yuki on May 01, 2017, 07:52:08 PM
Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.
Title: Re: Alternative to Wordpress, Bludit ?
Post by: gameblabla on May 01, 2017, 10:18:39 PM
Quote from: Juju on May 01, 2017, 07:52:08 PM
Let's see, at my job so far I used a heavily customized version of Kohana (now Koseven) and FuelPHP, both are PHP MVC frameworks. I imagine it's not hard to make sure CSP works, whatever that is, and to make some sort of blogging with that.
Those are just a bunch of frameworks, you would still need to do the dirty job.
That is not quite what I'm looking for... I don't want to reinvent the wheel again :sigh:

CSP, or Content Security Policy, is a standard designed to counter injection attacks, cross-site scripting etc...
One of the reasons I want to fully implement it is because Mozilla's Observatory gives you a better score based on your CSP settings.
Anyway, here's how it is implemented (via .htaccess) on mah website:
# Response hardening headers (mod_headers)
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "DENY"
Header always set Content-Security-Policy "default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'; img-src 'self'; style-src 'self';"
Header always set X-Xss-Protection "1; mode=block"
Header always set Referrer-Policy "no-referrer"
<IfModule mod_headers.c>
# HSTS, only emitted on HTTPS responses (2 years, subdomains, preload list)
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" env=HTTPS
</IfModule>

# Disable ETags (avoids inode leakage and cache-validation quirks)
Header unset ETag
FileETag None

# Redirect every plain-HTTP request to HTTPS on the same host (mod_rewrite)
RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
RewriteRule ^.*$ https://%1%{REQUEST_URI} [L,R=301]


However, you can notice that I had to enable unsafe-inlining because otherwise this would break the text editor & image uploader in Bludit.
I will take another look at Jekyll however (this time from the repository), I'll tell you if this fits my bill.
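As an added example (not code from this thread or from Bludit), here is a small checker for the kind of Content-Security-Policy header posted above: it parses the header, applies the default-src fallback for fetch directives, flags weak source expressions such as 'unsafe-inline', and shows how a per-response nonce replaces 'unsafe-inline' for script-src. The policy string is a constructed copy of the one in the .htaccess snippet; the nonce value is a placeholder.

```python
from __future__ import annotations

# Fetch directives that fall back to default-src when not listed explicitly.
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "connect-src",
                    "object-src", "font-src", "frame-src", "media-src")
# Source expressions that weaken a policy enough to be worth flagging.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed copy of the policy from the .htaccess snippet in this thread.
POSTED_POLICY = ("default-src 'none' ; base-uri 'none'; frame-ancestors 'none'; "
                 "script-src 'self' 'unsafe-inline'; object-src 'none'; "
                 "connect-src 'self'; img-src 'self'; style-src 'self';")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: dict[str, list[str]], directive: str) -> list[str]:
    """Sources governing `directive`, honouring the default-src fallback."""
    return policy.get(directive, policy.get("default-src", []))


def find_weaknesses(header: str) -> list[tuple[str, str]]:
    """Return (directive, source) pairs that allow inline/eval or over-broad origins."""
    policy = parse_csp(header)
    findings = []
    for directive in FETCH_DIRECTIVES:
        sources = effective_sources(policy, directive)
        # CSP Level 2+: a nonce or hash in the directive makes 'unsafe-inline' ignored.
        has_nonce_or_hash = any(s.startswith(HASH_OR_NONCE) for s in sources)
        for source in sources:
            if source.lower() == "'unsafe-inline'" and has_nonce_or_hash:
                continue
            if source.lower() in WEAK_SOURCES:
                findings.append((directive, source))
    return findings


def with_nonce(header: str, nonce: str, directive: str = "script-src") -> str:
    """Swap 'unsafe-inline' for a nonce source; `nonce` must be fresh per response and echoed in each <script nonce=...>."""
    policy = parse_csp(header)
    kept = [s for s in policy.get(directive, []) if s.lower() != "'unsafe-inline'"]
    policy[directive] = kept + [f"'nonce-{nonce}'"]
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in policy.items())
```

The nonce approach only works when the application emits the same random value on every inline `<script>` tag it renders, which is exactly what a CMS editor like Bludit's would have to support.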
Title: Re: Alternative to Wordpress, Bludit ?
Post by: gameblabla on May 02, 2017, 08:24:25 AM
Okay, so I installed Jekyll from the repository and it's actually pretty cool!
It's completely static and as a result it's pretty fast, the markup language isn't too complex and my posts, believe it or not,
look nicer and less glitchy than they did with Bludit/Nibbleblog.
Since it's also static, it also does not suffer from MySQL injection attacks.

Take a look here:
https://blog.gameblabla.nl/

And guess who's the best at Mozilla's Observatory? :D
https://observatory.mozilla.org/analyze.html?host=blog.gameblabla.nl

Straight A's my dear comrades!
Codewalr.us in comparison gets an F lol

@Streetwalrus, look at dis
https://observatory.mozilla.org/analyze.html?host=codewalr.us
Title: Re: Alternative to Wordpress, Bludit ?
Post by: novenary on May 02, 2017, 10:32:00 AM
Thanks for that, I'll take a look.