Commit 46050efe authored by Till Brehm's avatar Till Brehm

Merge branch '5815-goaccess-stats-blocked-by-content-security-policy-nginx' into 'develop'

Resolve "GoAccess stats blocked by Content Security Policy (nginx)"

Closes #5815

See merge request ispconfig/ispconfig3!1265
parents 8419da87 6eede43c
......@@ -169,7 +169,7 @@ server {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file <tmpl_var name='stats_auth_passwd_file'>;
add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline';";
add_header Content-Security-Policy "default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;";
}
location ^~ /awstats-icon {
......
......@@ -1957,7 +1957,7 @@ class apache2_plugin {
if($data['new']['stats_type'] != '') {
if(!is_dir($data['new']['document_root'].'/' . $web_folder . '/stats')) $app->system->mkdir($data['new']['document_root'].'/' . $web_folder . '/stats');
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user\nDirectoryIndex index.html index.php\nHeader unset Content-Security-Policy\n<Files \"goaindex.html\">\nAddDefaultCharset UTF-8\n</Files>\n";
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data['new']['document_root']."/web/stats/.htpasswd_stats\nrequire valid-user\nDirectoryIndex index.html index.php\nHeader set Content-Security-Policy \"default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:;\"\n<Files \"goaindex.html\">\nAddDefaultCharset UTF-8\n</Files>\n";
$app->system->file_put_contents($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', $ht_file);
$app->system->chmod($data['new']['document_root'].'/' . $web_folder . '/stats/.htaccess', 0755);
unset($ht_file);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment