Closed Retro64XYZ closed 1 year ago
You need to add new directives to the CSP in CspMiddleware::applyHeader()
.
What you need to add will depend on the script you are trying to use, so I can't really help you.
You can find information about the available directives here.
`
`
Would be the script. Is there an easy way to just add the above to be allowed in CSP and for it to survive if I update the application later?
No, customizing the CSP is not supported.
New issue
Your environment
Please answer these questions when reporting a new issue:
What is your operating system (Windows, Linux, OSX, etc.)?
Linux
What is your web server (Apache, IIS, etc.)?
NGINX
What version of AllTube are you using?
Latest
How did you install AllTube (with Git or with a release package)?
Git
What version of PHP are you using?
7.4.3
What version of Python are you using?
python3.8
What version of youtube-dl are you using?
2021.05.16
Do you get any PHP-related errors in your webserver's logs?
no
What is the content of your
config/config.yml
file?Please provide the URL of a video that causes the issue.
Describe your issue
I need to add analytics to the site. I notice you are using csp-builder. Their documentation is not very good. Is there a simple way to add analytics?
The error I see in the console browser is -
Refused to load the script 'https://myscript.com/umami.js' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
Is there a quick way to fix this?
Thanks, Aaron