Content-Security-Policy problem in ownCloud greater than v.8.1

[Dallo71]

Hello, as described here: [https://blog.daveeberhart.com/server%20admin/2015/11/21/owncloud-piwik-content-security-policy], starting from ownCloud 8.1 there is no more the ability to override the CSP site-wide and ownClouud only permits scripts from its own domain to run. Furthermore, inline scripts (either embedded in a page, or created dynamically) are blocked and it is impossible use an external Piwik server.

Can you resolve this issue in your app plugin? There are interesting articles to start from: [https://statuscode.ch/2015/04/content-security-policy-and-ownCloud/] [http://piwik.org/faq/general/faq_20904/]

Thank You in advance

[dampfklon]

Solution for 8.x is stated in the readme

If piwik is hosted under a different domain as owncloud you need to use one of two possible proxy methods: Add RewriteRule "^piwik/(.*)$" "http://piwik.tld/$1" [P] to your .htaccess Add ProxyPass /piwik/ http://piwik.tld/ to your apache VirtualHost section

Starting 9.x external domains are automatically added to the CSP in current master

[sualko]

@dampfklon is absolutely right. This issue should already been solved.

[Dallo71]

Hello, I've enable the app v 0.1.0 by the owncloud app store (https://apps.owncloud.com/content/show.php/piwik?content=171304) but in this version there isn't the resolved issue. I manually patched the [OCinstallFolder]/apps/piwik/appinfo/app.php

Please align the app store version

Thank you