Hi all!
I have updated my tracker script as suggested on Matomo website in order to let it work also on a website with CSP enabled and seems it is working.
The problem is I can see anymore the Matomo dashboard (Matomo installed on my server/domain) and the browser is telling me CSP is blocking a lot of inline scripts from my Matomo installation.
Any suggestion about CSP rules to use?
Thanks,
Maurizio
Hi @Maurizio_Paglia
Sorry for my late answer, I missed your message…
Can you share the HTTP headers of the Main page?
- Open the network console tab
- Clear the network console
- Press F5
- The 1st request (or one of the following: index.php) should be the one of the main page: click on it
- You may find a tab called Headers: copy-paste the Response header, especially the content-security-policy field
I my case: the field is not present
In http://demo.matomo.cloud/ case: content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.innocraft.cloud; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.innocraft.cloud;
This can be configured at server side (IIS, Apache, etc…)