Closed arichtman closed 2 months ago
Thanks for the report!
I try to handle CSP for tabi features automatically, so this would be a bug.
The code that generates CSP is here.
I believe the issue should disappear if we add the api gateway URL to connect-src (after line 27).
Would you like to test this fix and do a PR?
Bug Report
I'm not sure if we should handle this by default, since it is messing with security. So I'm filing this in case we should handle it.
If you like I can revert my website so you can see it for yourself.
I was able to get my analytics working again using this - so it's not totally fatal. I'm not sure if the
font-src
andimg-src
are related to Umami.Environment
Zola version:
0.18.0
tabi version or commit:ba5acca7340a940092a9be196302b01441617720
Website: https://github.com/arichtman/www.richtman.auExpected Behavior
Tell us what should have happened.
Umami's analytics script should be pulled and sending data.
Current Behavior
Tell us what happens instead of the expected behavior.
Content Security Policy blocks a call to
https://api-gateway-eu.umami.dev
.Step to Reproduce
Please provide the steps to reproduce the issue.
Set the following in
config.toml