When viewing the admin page, which contains a widget showing details on new plugins, or when opening the plugin details of a plugin, there is currently a CSP report shown:
[Report Only] Refused to load the image 'https://plugins.matomo.org/RerUserDates/images/4.0.1/RerUserDates-cal.png?w=400' because it violates the following Content Security Policy directive: "img-src 'self' 'unsafe-inline' 'unsafe-eval' data:".
To avoid this I've added
In addition, premium plugins are loading the reviews from shop.matomo.org. This would also fail in the future, so added
default-src as well.
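Why the browser reports this violation, and how a fetch falls back to default-src, as an added example that is not part of the original post or Matomo's code: a simplified CSP source-list matcher (it ignores ports, paths, a bare `*` and scheme upgrades). The `SELF` origin and the use of the blocked URL's origin as the added source are assumptions; the post does not show the exact value that was added.

```javascript
// Added example: simplified CSP source-list matching for fetch directives.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === selfOrigin;
  if (s.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme-source, e.g. data:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, host] = m;
  // With a scheme the protocol must match; without one, accept http(s) only.
  if (scheme ? url.protocol !== scheme + ':' : !/^https?:$/.test(url.protocol)) return false;
  return host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // *.example.org matches subdomains only
    : url.hostname === host;
}

// A fetch directive that is absent from the policy falls back to default-src.
function isAllowed(header, directive, rawUrl, selfOrigin) {
  const policy = parsePolicy(header);
  const sources = policy.get(directive) ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing restricts this fetch
  const url = new URL(rawUrl);
  return sources.some((src) => sourceMatches(src, url, selfOrigin));
}

const SELF = 'https://matomo.example'; // constructed origin of the Matomo instance
const REPORTED = "img-src 'self' 'unsafe-inline' 'unsafe-eval' data:"; // directive from the report
const BLOCKED = 'https://plugins.matomo.org/RerUserDates/images/4.0.1/RerUserDates-cal.png?w=400';
// Assumption: the narrowest source that fixes the report is the blocked URL's origin.
const FIXED = `${REPORTED} ${new URL(BLOCKED).origin}`;

console.log('reported policy allows image:', isAllowed(REPORTED, 'img-src', BLOCKED, SELF));
console.log('extended policy allows image:', isAllowed(FIXED, 'img-src', BLOCKED, SELF));
```

Adding the single origin rather than a scheme or wildcard source keeps the allowlist as narrow as the report requires.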