Optimized CSP rules

2025-08-29 15:06:26 +02:00 · 2025-06-03 14:32:15 +02:00
parent cc9b634bb8
commit ebd74db3c4
27 changed files with 57 additions and 39 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -109,7 +109,7 @@ class FilterModule(object):
                # Matomo integration
                if (
                    self.is_feature_enabled(applications, matomo_feature_name, application_id)
-                    and directive in ['script-src', 'connect-src']
+                    and directive in ['script-src-elem', 'connect-src']
                ):
                    matomo_domain = domains.get('matomo')[0]
                    if matomo_domain:
@@ -117,10 +117,9 @@ class FilterModule(object):

                # ReCaptcha integration: allow loading scripts from Google if feature enabled
                if self.is_feature_enabled(applications, 'recaptcha', application_id):
-                    if directive == 'script-src':
-                        tokens.append('https://www.google.com')
                    if directive == 'script-src-elem':
                        tokens.append('https://www.gstatic.com')
+                        tokens.append('https://www.google.com')

                # Enable loading via ancestors
                if (