From dc11daf43d76f3543d21a646ae5564ff5a884a3c Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 23 Nov 2023 15:36:38 +0100 Subject: [PATCH] Changed content security policy for matomo tracking --- .../templates/matomo-tracking.conf.j2 | 9 ++++++--- roles/nginx/templates/nginx.conf.j2 | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 index 3d051f62..47fa3357 100644 --- a/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 +++ b/roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2 @@ -1,5 +1,8 @@ +# Add CSP header +more_set_headers "Content-Security-Policy: default-src 'self'; img-src 'self' https://matomo.{{top_domain}}; script-src 'self' 'unsafe-inline' https://matomo.{{top_domain}};"; + + # sub filters to integrate matomo tracking code in nginx websites sub_filter '' ''; -sub_filter '' ''; -sub_filter_once off; -# sub_filter_types text/html; This is standart \ No newline at end of file +sub_filter '' ''; +sub_filter_once off; \ No newline at end of file diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index bc8c562a..2146f637 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -1,3 +1,4 @@ +load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; worker_processes auto; events