- Issue created by @seanB
- 🇳🇱 seanB, Netherlands
Here is a first patch to add support. I will also create an MR.
- Merge request !74: Added nonce to matomo scripts when CSP module is enabled. (Open) created by seanB
Drupal offers the Content Security Policy module to easily configure CSP for a site. Currently, the script tags generated for the matomo and matomo_tagmanager modules require "unsafe-inline" to allow the scripts to work.
With CSP, it is recommended to add scripts to a page with a nonce:
The recommended way to do this is with a nonce, which should be an unguessable, random value that the server generates individually for each response. Supply the nonce value in the Content-Security-Policy script-src directive.
The CSP module offers a helper service now to support nonces: "Add helper for safely appending nonce/hash sources" (Fixed).
Check for the CSP module and add a nonce to the script tags inserted in the page.
Write a patch
Review
Commit
None
None
None
Active
1.0
Code
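Added example, not part of the original issue or the module's patch: a simplified Python model of how a CSP Level 2+ browser decides whether an inline script may run, with one nonce generated per response and shared between the header and the script tag. The function names and the sample tracking snippet are assumptions made for illustration; only script-src is modelled, and hash sources and the default-src fallback are left out.

```python
import re
import secrets

# Constructed stand-in for the inline snippet a tracking module emits.
SNIPPET = "var _paq = window._paq = window._paq || []; _paq.push(['trackPageView']);"

def new_nonce():
    """Fresh 128-bit value from the OS CSPRNG; call once per response."""
    return secrets.token_urlsafe(16)

def render(body, nonce=None):
    """Inline <script> tag, carrying a nonce attribute when one is given."""
    attr = f' nonce="{nonce}"' if nonce else ""
    return f"<script{attr}>{body}</script>"

def script_src(policy):
    """Source expressions of the script-src directive (empty if absent)."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "script-src":
            return parts[1:]
    return []

def inline_allowed(policy, tag):
    """Simplified CSP Level 2+ decision for one inline script tag."""
    sources = script_src(policy)
    nonces = {s[7:-1] for s in sources
              if s.startswith("'nonce-") and s.endswith("'")}
    match = re.search(r'<script[^>]*\snonce="([^"]*)"', tag)
    if match and match.group(1) in nonces:
        return True
    # Once the policy lists a nonce, browsers ignore 'unsafe-inline'.
    return "'unsafe-inline'" in sources and not nonces

def respond(body=SNIPPET):
    """One response: (Content-Security-Policy value, script tag), same nonce."""
    nonce = new_nonce()
    return f"script-src 'self' 'nonce-{nonce}'", render(body, nonce)
```

A tag rendered for one response fails against the policy of the next, which is why the nonce must not be cached along with the page markup.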