Matomo (Piwik) core JS file fails to execute under new Content Security Policy #14653

Closed
ash-j-f opened this issue Jul 13, 2019 · 3 comments
Labels: answered (For when a question was asked and we referred to forum or answered it.)


ash-j-f commented Jul 13, 2019

UPDATE: This issue was caused by ad blocker plugins in our test browsers blocking Matomo from loading.

Although the Matomo maintainers claim it works under the strictest CSP settings, it fails to execute on all major browsers. The error is "blocked by client" as expected when a script is blocked by CSP.

The Matomo JS file appears to contain a call to create and embed a new script in the DOM, which is one possible thing violating the CSP.

The CSP settings are:

<meta http-equiv="Content-Security-Policy" content="frame-src 'self'; script-src 'self' https://www.google.com/ https://www.gstatic.com/" />

Matomo's claim to work under strict CSP is here:
https://matomo.org/faq/general/faq_20904/

I have implemented the loading of the JS file in the way they suggest.

ash-j-f (Author) commented Jul 13, 2019

Whoops, wrong repo, sorry. That ticket should have gone on our web application's repo :D If this turns out not to be an issue with our web application config after further investigation, I'll open an issue here.

ash-j-f closed this as completed Jul 13, 2019

ash-j-f (Author) commented Jul 19, 2019

In case anyone comes across this ticket, the issue we were having was that ad blocker plugins in all the test browsers were blocking Matomo from running, and we were getting errors such as "net::ERR_BLOCKED_BY_CLIENT" in Chrome. Disabling the ad blocker plugins of course allowed Matomo to run, and it now works even with our very strict Content Security Policy enabled.

The plugin we were using was uBlock Origin https://github.com/gorhill/uBlock

tsteur (Member) commented Jul 19, 2019

👍

tsteur added the answered label Jul 19, 2019
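
Added example, not part of the original thread or Matomo's code: a simplified `script-src` evaluator run against the policy quoted in the first comment, showing that a same-origin tracker file passes it, which is consistent with the ad-blocker cause reported above. The page origin `https://app.example` and the script paths are constructed assumptions; nonces, hashes, wildcards and `script-src-elem` are not modelled.

```javascript
// Added example: simplified CSP script-src matching (not Matomo or browser code).
// Models only 'self', 'none' and scheme://host[:port][/path] sources.
const POLICY =
  "frame-src 'self'; script-src 'self' https://www.google.com/ https://www.gstatic.com/";
const PAGE = 'https://app.example/';   // constructed page origin (assumption)
const TRACKER = '/matomo/matomo.js';   // constructed same-origin path (assumption)

// Split a policy into directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP ignores repeated directives: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return true if the policy would let pageUrl load scriptUrl as a script.
function scriptAllowed(policy, pageUrl, scriptUrl) {
  const directives = parseCsp(policy);
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no directive governs scripts
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, page); // resolves relative URLs
  return sources.some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return script.origin === page.origin;
    if (src.startsWith("'")) return false; // other keywords not modelled
    let allowed;
    try { allowed = new URL(src); } catch { return false; }
    if (allowed.origin !== script.origin) return false;
    // A source path ending in "/" is a prefix match; otherwise it is exact.
    return allowed.pathname.endsWith('/')
      ? script.pathname.startsWith(allowed.pathname)
      : script.pathname === allowed.pathname;
  });
}

for (const url of [TRACKER, 'https://analytics.example/matomo.js']) {
  console.log(url, scriptAllowed(POLICY, PAGE, url) ? 'allowed' : 'blocked by CSP');
}
```

In a browser, a genuine CSP block raises a `securitypolicyviolation` event and a "Refused to load the script" console message, whereas the ad-blocker case in this thread surfaced as `net::ERR_BLOCKED_BY_CLIENT`.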