I cannot get a new Matomo instance to work on a server that has no unsafe-eval rule in the CSP. The UI renders incompletely (no data), and the browser console shows “uncaught EvalError” messages.
I would be grateful for any hint that helps me fixing this. Thanks.
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' ... (couple of (sub)domains following here)".
The failing script is index.php, module Proxy, action getCoreJs:
Thank you for the quick reply Fabian, however, for security reasons this is not an option. There should be a way of running Matomo without having to allow unsafe scripting techniques.
Hi
I have same error with Matomo Preview mode. Matomo tracking works without ‘unsafe-eval’, but Preview mode doesn’t.
Is there any other way around this? Is there any hope that Matomo developers will fix it?
Hi @mikk
I suggest you temporarily disable the CSP on your test environment, as the preview should not be available on production environment, i should be acceptable.