Fix missing CSP exception in NC16

sualko / cloud_piwik

Track @Nextcloud users with @matomo-org (formerly Piwik)

http://sualko.github.io/cloud_piwik/

MIT License

37 stars 18 forks source link

Fix missing CSP exception in NC16 #70

Closed MinIsMin closed 5 years ago

MinIsMin commented 5 years ago

The CSP exception URL requires host and path. host is either given by settings or by gethostname() and ~~path only from settings~~ a /

MinIsMin commented 5 years ago

Now every case should work, tested with multiple environments.

Only the host and / is required, not the full path so we can add a / just to be sure, it doesn't matter if there's already one.

sualko commented 5 years ago

The CSP exception URL requires host and path

That's wrong. The path is not required, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#Sources

Also adding the web server host is useless, because therefore you should use the reserved 'self'. Maybe I have some applications activated which add self to csp and therefore I can't reproduce your issue. Will try it asap and report back.

Nonetheless thanks for your time and effort.

sualko commented 5 years ago

Nextcloud creates different csp for Chrome and Firefox. I created a pr #71, which adds self also on FF. Would be awesome if you could test it @criegerde @MinIsMin

sualko commented 5 years ago

fixed in 3665c399baf9dcf69ad4c492f887f4043b857f29