Support CSP in Matomo/Piwik plugin
Change-Id: Ie80c6ffca714460c310e2b55ad9b3b63f5ae71ad
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 1dbc373..59d2695 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -164,16 +164,17 @@
});
# Establish content security policy
+ # This needs to be defined prior to Kalamar::Plugin::Piwik!
$self->plugin(CSP => {
'default-src' => 'self',
- 'style-src' => ['self','unsafe-inline'],
- 'script-src' => 'self',
+ 'style-src' => ['self','unsafe-inline'],
+ 'script-src' => 'self',
'connect-src' => 'self',
- 'frame-src' => '*',
- 'media-src' => 'none',
- 'object-src' => 'self',
- 'font-src' => 'self',
- 'img-src' => ['self', 'data:'],
+ 'frame-src' => '*',
+ 'media-src' => 'none',
+ 'object-src' => 'self',
+ 'font-src' => 'self',
+ 'img-src' => ['self', 'data:'],
-with_nonce => 1
});
@@ -251,15 +252,6 @@
};
# Deprecated Legacy code
- if ($self->config('Piwik') &&
- none { $_ eq 'Piwik' } @{$conf->{plugins} // []}) {
-
- # 2018-11-12
- deprecated 'Piwik is no longer considered a mandatory plugin';
- $self->plugin('Kalamar::Plugin::Piwik');
- };
-
- # Deprecated Legacy code
if ($self->config('Kalamar')->{auth_support} &&
none { $_ eq 'Auth' } @{$conf->{plugins} // []}) {
diff --git a/lib/Kalamar/Plugin/Piwik.pm b/lib/Kalamar/Plugin/Piwik.pm
index e991250..ca414ff 100644
--- a/lib/Kalamar/Plugin/Piwik.pm
+++ b/lib/Kalamar/Plugin/Piwik.pm
@@ -14,6 +14,28 @@
};
};
+ # Add event handler for korap requests
+ my $piwik_conf = $mojo->config('Piwik');
+ if ($piwik_conf) {
+ $piwik_conf->{append} //= '';
+ }
+ else {
+ $piwik_conf = { append => '' };
+ $mojo->config(Piwik => $piwik_conf);
+ };
+
+ my $url = $piwik_conf->{url};
+
+ $piwik_conf->{append} .= <<APPEND;
+;window.addEventListener('korapRequest', function(e) {
+ let _paq=window._paq=window._paq||[];
+ _paq.push(['setDocumentTitle', e.detail.title]);
+ _paq.push(['setReferrerUrl', location.href]);
+ _paq.push(['setCustomUrl', e.detail.url]);
+ _paq.push(['trackPageView']);
+})
+APPEND
+
# Load Piwik if not yet loaded
unless (exists $mojo->renderer->helpers->{piwik_tag}) {
$mojo->plugin('Piwik');
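Review bot: The new heredoc opens with a bare `<<APPEND`, which Perl treats as double-quoted, so any `$` or `@` later added to this JavaScript would be interpolated as a Perl variable before it is served. The removed block used the quoted form `<<'SCRIPT'`. Nothing in the current body interpolates, but `$piwik_conf->{append} .= <<'APPEND';` would keep the script text literal. Because `.=` writes into the shared `Piwik` config, the listener would presumably be appended a second time if the plugin is registered more than once in a process, so a guard or a one-line comment is worth adding. The enclosing sub starts and ends outside this hunk.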
@@ -37,28 +59,20 @@
}
);
+ # Add tracking code as <script/> instead of inline
+
+ $mojo->csp->add('script-src' => $url);
+ $mojo->csp->add('connect-src' => $url);
+ $mojo->csp->add('img-src' => $url);
+
+ # Set track script for CSP compliant tracking
+ $mojo->routes->any('/js/tracking.js')->piwik('track_script');
+
# Add piwik tag to scripts
$mojo->content_block(scripts => {
- inline => '<%= piwik_tag %>'
+ inline => q!<%= piwik_tag 'as-script' %>!
});
- # Add event handler for korap requests
- $mojo->content_block(scripts => {
- inline => <<'SCRIPT'
-% if (stash('piwik.embed')) {
- %= javascript begin
-window.addEventListener('korapRequest', function(e) {
- _paq.push(['setDocumentTitle', e.detail.title]);
- _paq.push(['setReferrerUrl', location.href]);
- _paq.push(['setCustomUrl', e.detail.url]);
- _paq.push(['trackPageView']);
-});
- % end
-% }
-SCRIPT
- });
-
-
# If all requests should be pinged,
# establish this hook
if ($param->{ping_requests}) {
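Review bot: `$url` can be undef when it reaches the three `csp->add` calls. It is read from `$piwik_conf->{url}` earlier in this file, and the fallback branch there builds `{ append => '' }` with no `url` key. What `add` does with an undefined source is not visible here, so guard the calls, e.g. `if ($url) { $mojo->csp->add($_ => $url) for qw(script-src connect-src img-src); }`, to keep an empty or malformed source out of the policy. These calls also require the `csp` helper to exist at registration time, which Kalamar.pm states only in a comment; repeat that here as `# Requires the CSP plugin to be loaded before this plugin`. The enclosing sub extends beyond this hunk.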