Compare commits

...

2 commits

Author SHA1 Message Date
b1d0423c94 Merge pull request 'csp corrections for matomo' (#19) from add-nonce into main
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #19
2024-10-27 20:28:58 -07:00
4ae6607a3b csp corrections for matomo
All checks were successful
ci/woodpecker/pr/woodpecker Pipeline was successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pull_request_closed/woodpecker Pipeline was successful
2024-10-27 20:26:16 -07:00
3 changed files with 30 additions and 31 deletions

View file

@ -212,10 +212,10 @@ copyright = "© $CURRENT_YEAR $AUTHOR $SEPARATOR Unless otherwise noted, the con
# Default config, allows for https remote images and embedding YouTube and Vimeo content.
# This configuration (along with the right webserver settings) gets an A+ in Mozilla's Observatory: https://observatory.mozilla.org
allowed_domains = [
{ directive = "connect-src", domains = ["'self'"] },
{ directive = "connect-src", domains = ["'self'", "http://wisdom.softinio.com/matomo.php"] },
{ directive = "font-src", domains = ["'self'", "data:"] },
{ directive = "img-src", domains = ["'self'", "https://*", "data:"] },
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js", "https://static.cloudflareinsights.com" ] },
{ directive = "script-src", domains = ["'self'", "https://comments.softinio.com/js/embed.min.js", "https://static.cloudflareinsights.com", "http://wisdom.softinio.com/matomo.js","'sha256-f5+1KXLs1mZ8y68NQwBoE7PzEG3F0whGW7NzS9tC4rg='"] },
{ directive = "style-src", domains = ["'self'"] },
{ directive = "frame-src", domains = ["player.vimeo.com", "https://www.youtube-nocookie.com", "https://watch.softinio.com", "https://notes.softinio.com/embed"] },
]

View file

@ -1,15 +0,0 @@
<!-- Matomo -->
<script>
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function () {
var u = "//wisdom.softinio.com/";
_paq.push(['setTrackerUrl', u + 'matomo.php']);
_paq.push(['setSiteId', '1']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.async = true; g.src = u + 'matomo.js'; s.parentNode.insertBefore(g, s);
})();
</script>
<!-- End Matomo Code -->

View file

@ -1,34 +1,48 @@
<!-- Matomo -->
<script>
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function () {
var u = "//wisdom.softinio.com/";
_paq.push(['setTrackerUrl', u + 'matomo.php']);
_paq.push(['setSiteId', '1']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.async = true; g.src = u + 'matomo.js'; s.parentNode.insertBefore(g, s);
})();
</script>
<!-- End Matomo Code -->
{% if config.extra.favicon180 %}
<link rel="apple-touch-icon" type="image/png" sizes="180x180" href="{{ get_url(path=config.extra.favicon180) }}"/>
<link rel="apple-touch-icon" type="image/png" sizes="180x180" href="{{ get_url(path=config.extra.favicon180) }}" />
{% endif %}
{% if config.extra.favicon32 %}
<link rel="icon" type="image/png" sizes="32x32" href="{{ get_url(path=config.extra.favicon32) }}"/>
<link rel="icon" type="image/png" sizes="32x32" href="{{ get_url(path=config.extra.favicon32) }}" />
{% endif %}
{% if config.extra.favicon16 %}
<link rel="icon" type="image/png" sizes="16x16" href="{{ get_url(path=config.extra.favicon16) }}"/>
<link rel="icon" type="image/png" sizes="16x16" href="{{ get_url(path=config.extra.favicon16) }}" />
{% endif %}
{%- if config.author %}
<meta name="author" content="{{ config.author }}" />
<meta name="author" content="{{ config.author }}" />
{%- endif %}
<meta name="copyright" content="{{ config.author }}" />
<meta name="copyright" content="{{ config.author }}" />
{%- if page.extra.keywords and config.extra.keywords %}
<meta name="keywords" content="{{ page.extra.keywords }}, {{ config.extra.keywords }}" />
<meta name="keywords" content="{{ page.extra.keywords }}, {{ config.extra.keywords }}" />
{%- elif page.extra.keywords %}
<meta name="keywords" content="{{ page.extra.keywords }}" />
<meta name="keywords" content="{{ page.extra.keywords }}" />
{%- elif config.extra.keywords %}
<meta name="keywords" content="{{ config.extra.keywords }}" />
<meta name="keywords" content="{{ config.extra.keywords }}" />
{%- endif %}
{%- if config.extra.google %}
<meta name="google-site-verification" content="{{ config.extra.google | safe }}" />
<meta name="google-site-verification" content="{{ config.extra.google | safe }}" />
{%- endif %}
{%- if config.extra.bing %}
<meta name="msvalidate.01" content="{{ config.extra.bing | safe}}" />
<meta name="msvalidate.01" content="{{ config.extra.bing | safe}}" />
{%- endif %}
<meta property="twitter:title" content="{{ page.title | default(value=config.title) | safe }}" />
{%- if config.extra.twitter_meta %}
<meta name="twitter:site" content="@{{ config.extra.twitter_meta }}" />
<meta name="twitter:creator" content="@{{ config.extra.twitter_meta }}" />
<meta name="twitter:site" content="@{{ config.extra.twitter_meta }}" />
<meta name="twitter:creator" content="@{{ config.extra.twitter_meta }}" />
{%- endif %}