New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default configuration makes dashboard unusable #71

Open

filipecatraia opened this issue Sep 12, 2022 · 0 comments

filipecatraia commented Sep 12, 2022 •

edited

Loading

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http: https: data: blob: 'unsafe-inline'".

That's with the conf from this repo and no other changes, on a fresh install of Matomo :)

A CSP is required in some of the blocks:

add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; base-uri 'self'; frame-src 'self'; object-src 'self'";

Another issue I see is that manifest.json is also 403'd by default with the configuration in this repo.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment